---------- Forwarded message ----------
From: Stian Soiland-Reyes <st...@apache.org>
Date: 19 February 2016 at 12:10
Subject: bsh (BeanShell) security vulnerability (CVE-2016-2510)
To: t...@security.debian.org, debian-j...@lists.debian.org

Hi,

BeanShell aka bsh has released a security fix 2.0b6:

https://github.com/beanshell/beanshell/releases/tag/2.0b6

It has been reported to MITRE as CVE-2016-2510.

This might be a good time to address
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700610
and update sid to use the new upstream home of
https://github.com/beanshell/beanshell
(transitioned from apache-extras)

Note that since 2.0b5 the license has changed to Apache License.
2.0b5 should be functionally equivalent to 2.0b4 except the license change.

If you want to backport only the security fix for 2.0b4 jessie, see
https://github.com/beanshell/beanshell/commits/2.0b6
specifically these two commits:

https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced

--
Stian Soiland-Reyes
Apache Taverna (incubating), Apache Commons RDF (incubating)
http://orcid.org/0000-0001-9842-9718