Accepted bsh 2.0b4-16 (source all) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 28 Feb 2016 18:36:28 +0100
Source: bsh
Binary: bsh libbsh-java bsh-doc bsh-src
Architecture: source all
Version: 2.0b4-16
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
bsh - Java scripting environment (BeanShell) Version 2
bsh-doc - Documentation for bsh
bsh-src - Java scripting environment (BeanShell) Version 2 (source code)
libbsh-java - Java scripting environment (BeanShell) Version 2 (library)
Changes:
bsh (2.0b4-16) unstable; urgency=high
.
* Team upload.
* Fix CVE-2016-2510.
An application that includes BeanShell on the classpath may be vulnerable
if another part of the application uses Java serialization or XStream to
deserialize data from an untrusted source. A vulnerable application could
be exploited for remote code execution, including executing arbitrary shell
commands.
* Declare compliance with Debian Policy 3.9.7.
* Vcs-Browser: Use https.
Checksums-Sha1:
8406c961ae5c790c1fde37870aaf8d5b1e672e2a 2264 bsh_2.0b4-16.dsc
ef77bc4d68cbc958207c63551cf5e9a43933ed2d 9284 bsh_2.0b4-16.debian.tar.xz
439f99a246e0da48ed72b8da72515fcfc2dc9ffe 331292 bsh-doc_2.0b4-16_all.deb
3c3817eecc8750b3cece8fe8bf8532eb3913c2f0 837490 bsh-src_2.0b4-16_all.deb
97d5bf44708c2c0799ca211739f646273ed948fe 8034 bsh_2.0b4-16_all.deb
572524c72cc7a62145e2f77f6b779168fe2d0040 266448 libbsh-java_2.0b4-16_all.deb
Checksums-Sha256:
3b2eae370703bed8ce84c6de9fca42f236e0195655a69cdf0302928c655e52ac 2264 bsh_2.0b4-16.dsc
2263a2d30c4fefb8db703c65a2c8766ae6007da0406e843dbf90a88f7284df0f 9284 bsh_2.0b4-16.debian.tar.xz
4fba8aac7499db5c1bccd231492e2542de252baa8d2ef0a3b5bc1db3e4ebe488 331292 bsh-doc_2.0b4-16_all.deb
fc83fdaad083af7f14dd52f4c7face4339bbd1a91028f3318c47e15ea7775181 837490 bsh-src_2.0b4-16_all.deb
30768de1fad369093db6976628fd02a1f4db3a6bd3f8b79434010562c7374f89 8034 bsh_2.0b4-16_all.deb
e6840e16d414c40ca2beb4fd3bc277bcc483d5bf88f323b21f18d0dcdc3ad07a 266448 libbsh-java_2.0b4-16_all.deb
Files:
d4cac1214d9966a5bc95caaf29942391 2264 devel optional bsh_2.0b4-16.dsc
8ab4bed3b7a4d85ba153adafe635ea73 9284 devel optional bsh_2.0b4-16.debian.tar.xz
b8ff1d99f3181fe0696f9191d7cbc1ef 331292 doc optional bsh-doc_2.0b4-16_all.deb
53d3c2c04fb1bde75466b60c2a2bacee 837490 java optional bsh-src_2.0b4-16_all.deb
818b4129ee2320e192a4c2a38878cbc0 8034 devel optional bsh_2.0b4-16_all.deb
9bdc10470aa874553a81c301b5395a75 266448 java optional libbsh-java_2.0b4-16_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJW0zJOXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkSKQP/2f63Ih3LpJK9mQxvxQNtReB
xsabWpV9ROl6hI/DTWryWSeknmsKSkPfuzup2+uI+fv0APm5qv/Ea5gjbcCES4WK
7cYHAhNj/qSF6D3+ZROlTR09DS6KjgbklpfDzMrymkvsirvC1Nq6MWRGFzVX9noS
WNWSQU+ariSNFAVJ+1FYDsjRiRH7HHshpGDhEh8XFTslA+9PwuRRahDd8EjLjqR9
p6J0bFI/alIY+ePnA4FRwluPmatxN8W98Xa1ER1XkvTLwf/JXVtAh2FTQZ+PuIcF
YF5ZbFFB92zNgpo+qUr8tF5WJC+n3pERonsOBHzJpWF0Y4wHYC/dyb8xpea58q4F
P1eILllg0DPRyjzwPf9zbBWHgZAeCBMm1BLPZTBhoIACY0F/F4tMTv5gAMlpLSbw
4GAWRSh0l0kD8HEqy9QrMyIEmSLgY5veWaIP8vVx4hQ17asms/yGb8qyQEIX8qX6
jfR04H10veiIusluZF9GZ4ZImP5n4evEpbKXE7rs/e9SQTaK9kjUNOFvhXfYWAU3
37Ek8wBpF7b5dKw3IHuBaADXhiAEp6ohz9snhx6dY2fm9VzIv65Vo7C08gLoLnhK
ejceOqtwNccNeksX7O+p0LS51Vm0Fk4qqjci6zOJZKiPVtL5pWJGk59ekgSIp8tD
d8mFt7h8y49MNS4PoZXl
=5TO0
-----END PGP SIGNATURE-----