PS: Maybe I should add: I got my unstable distribution by first installing
stable and then doing first an upgrade and then a dist-upgrade.
Hi, thanks. I agree that this is a general Java issue in any
application using serialization - the vulnerability attack vector
would just move to less common libraries (we point this out in the
release notes).
Also I must admit for me it was a bit confusing at first to learn
about how a scripting
Hi Stian,
Thank you for the notice. Technically this isn't a vulnerability in bsh
though, the issue is any application deserializing untrusted data
without sanitizing it and having bsh on the classpath. I'm not aware of
such applications in Debian, but if there is one it should be fixed in
priorit
Hi,
BeanShell aka bsh has released a security fix 2.0b6:
https://github.com/beanshell/beanshell/releases/tag/2.0b6
It has been reported to MITRE as CVE-2016-2510.
This might be a good time to address
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700610
and update sid to use the new upstre
4 matches