Accepted bsh 2.0b4-15+deb8u1 (source all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 01 Mar 2016 15:54:12 +0100
Source: bsh
Binary: bsh libbsh-java bsh-doc bsh-src
Architecture: source all
Version: 2.0b4-15+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
bsh - Java scripting environment (BeanShell) Version 2
bsh-doc - Documentation for bsh
bsh-src - Java scripting environment (BeanShell) Version 2 (source code)
libbsh-java - Java scripting environment (BeanShell) Version 2 (library)
Changes:
bsh (2.0b4-15+deb8u1) jessie-security; urgency=high
.
* Team upload.
* Fix CVE-2016-2510.
An application that includes BeanShell on the classpath may be vulnerable
if another part of the application uses Java serialization or XStream to
deserialize data from an untrusted source. A vulnerable application could
be exploited for remote code execution, including executing arbitrary shell
commands.
Checksums-Sha1:
b84817cd31d61889f5a2ee76e9ea888767273c95 2291 bsh_2.0b4-15+deb8u1.dsc
dc1344119059ea42f3df115b8d06dc7807615c3d 9280 bsh_2.0b4-15+deb8u1.debian.tar.xz
78f7b39b1775f1e045fc36643408b0f4b9a3deaf 8094 bsh_2.0b4-15+deb8u1_all.deb
0d313f9f9dfb7d410ed3aa59247818d7db11fbe1 266470 libbsh-java_2.0b4-15+deb8u1_all.deb
cc26005dc0b7e76a5d76693edaec037d2636dc41 342042 bsh-doc_2.0b4-15+deb8u1_all.deb
d9c5f9eab164475c8a47e3169027cfe5f224456d 837614 bsh-src_2.0b4-15+deb8u1_all.deb
Checksums-Sha256:
b1ca7393ecfbb887430740267093cb5159b5299bb9b9582e28b39216507b0dff 2291 bsh_2.0b4-15+deb8u1.dsc
5b8675c6ae951f24f77e83df9300c98cb4f42d2391c652db0a8f7d574c8d16bc 9280 bsh_2.0b4-15+deb8u1.debian.tar.xz
42b6e3e57926d6a8acccb58077051b4e0144938a200e97c53b45d467235cb135 8094 bsh_2.0b4-15+deb8u1_all.deb
72ddef827d11fb5e6d8a39123a4e4027d86b8e5d85ce8289f2bc3c26f09735ef 266470 libbsh-java_2.0b4-15+deb8u1_all.deb
fcbe805842b885a36008ad89bdc14345799d051939101bdd3c3c6c3850f45044 342042 bsh-doc_2.0b4-15+deb8u1_all.deb
05eb777ba85efabb19d039be837e81254956ecb7da3cb3eb1f2186d1545d80d1 837614 bsh-src_2.0b4-15+deb8u1_all.deb
Files:
5a0aaa98bf25d23cb4b7c03bbf74483c 2291 devel optional bsh_2.0b4-15+deb8u1.dsc
d8f4836a64d26ef3ddcfc6f51bcea57f 9280 devel optional bsh_2.0b4-15+deb8u1.debian.tar.xz
1d02fe312585dde432bbbbfdaaa0dd1b 8094 devel optional bsh_2.0b4-15+deb8u1_all.deb
e93eea765b76baac8372cc0a213ca4cf 266470 java optional libbsh-java_2.0b4-15+deb8u1_all.deb
1c900ebc0a577e45e576236364e319ab 342042 doc optional bsh-doc_2.0b4-15+deb8u1_all.deb
66f6c5fff9437430ac03763ae284d717 837614 java optional bsh-src_2.0b4-15+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJW1eD2XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkfBAQALiEaDVOopnZmfEG5OZ2HCKQ
LSSPWGUu480ByRnS4JhpYyYNXMV6K04dnoUbTp07MRb0QZH+inGVN9oUGJIcqgqp
gw2gdkBaalIQ0RwiGUTKb43emE3lC/NucCuMIi9Mpo++akABTFGlikShOZ05hOTe
ymW+V9D2qhfVavEfAfTR5ObSeoYDsWzaCcUnsDjwC/Que23+UOMxKDjWAFaY9MR7
m/1Gx+yF3j1YIyz4BxSTUfOYZNk1GgYE1WygkVDtpcc2Q35VM90ZiMKQCKahJv3A
oWrArzoH0LX7gsJO7nosiryksxSCdO7JJvku0T6PGMoYBJ36YP1UfqXJHKsfJDca
M3rGn6QOQnNkLFtTFJ2CXJOvb/lq4ltLn+nAItTueM71KjwnsCMw5prH9VC3BgbC
NxKAESEBGlJqb+mJiopEllvM2B93p7Eo+IlXBlin4hyk0np9PqJl7mLoScmKqPjo
3Q8qN9itIH6kGtSZUJ65G6o9UhDFdeYxBVq7hz4/20wotFwItvRWx9qTORRN1qhz
1ekuJ75pW+LrOF8E4mPRiqwfSYLnj67+IcYa0iQV66rCvmf+AttnSxSgzjv1cK7x
3TxLZ0Ur8WNt/lV3FAA/O7Fb27lFKz7xGSTmqaAEJr7Iix75bgknI7buRmyeq5p5
zzh6lQb/37BBGWMxO8ji
=VeNt
-----END PGP SIGNATURE-----