---------- Forwarded message ----------
From: Stian Soiland-Reyes <st...@apache.org>
Date: 19 February 2016 at 12:10
Subject: bsh (BeanShell) security vulnerability (CVE-2016-2510)
To: t...@security.debian.org, debian-j...@lists.debian.org


Hi,

BeanShell aka bsh has released a security fix 2.0b6:

https://github.com/beanshell/beanshell/releases/tag/2.0b6

It has been reported to MITRE as CVE-2016-2510.


This might be a good time to address
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700610

and update sid to use the new upstream home of
https://github.com/beanshell/beanshell
(transitioned from apache-extras)


Note that since 2.0b5 the license has changed to Apache License.

2.0b5 should be functionally equivalent to 2.0b4 except the license change.


If you want to backport only the security fix for 2.0b4 jessie, see
https://github.com/beanshell/beanshell/commits/2.0b6

specifically these two commits:

https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49

https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced


--
Stian Soiland-Reyes
Apache Taverna (incubating), Apache Commons RDF (incubating)
http://orcid.org/0000-0001-9842-9718

