-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 29 Feb 2016 12:59:05 +0100 Source: bsh Binary: bsh bsh-gcj bsh-doc bsh-src Architecture: source all i386 Version: 2.0b4-12+deb6u1 Distribution: squeeze-lts Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: bsh - Java scripting environment (BeanShell) Version 2 bsh-doc - Documentation for bsh bsh-gcj - Java scripting environment (BeanShell) Version 2 (native code) bsh-src - Java scripting environment (BeanShell) Version 2 (source code) Changes: bsh (2.0b4-12+deb6u1) squeeze-lts; urgency=high . * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2016-2510. An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands. Checksums-Sha1: 3de393df4e6eb989e0a9a3676157ce5540dc0d45 2069 bsh_2.0b4-12+deb6u1.dsc 227b9e694a110075d023e013fc3c672b94169460 9096 bsh_2.0b4-12+deb6u1.debian.tar.gz 83eee716310250bfd20d5ef9a005c2620c8b111b 270696 bsh_2.0b4-12+deb6u1_all.deb 2dd4227df41b772c02c0f1e870e749244802cc9c 422198 bsh-doc_2.0b4-12+deb6u1_all.deb 11cf0a93c023e081f5066a2d081b78c45aada546 836072 bsh-src_2.0b4-12+deb6u1_all.deb 23abe7b31de747c5d92f577b265d5ba67292f6ef 360178 bsh-gcj_2.0b4-12+deb6u1_i386.deb Checksums-Sha256: 799cd893a68a748fb30a774d38272a6f94554cb7a482650bb1a15adef8cb0b45 2069 bsh_2.0b4-12+deb6u1.dsc 490dfac19faf7a89496acbc1c497190b38109487f7e0b5204eb1479883c40f51 9096 bsh_2.0b4-12+deb6u1.debian.tar.gz 73b3da5565832155958fd18ca50cce842ba5b727e09cffce1ed1c9616f835430 270696 bsh_2.0b4-12+deb6u1_all.deb 1fae8ff921141c03a62d9a6d429984ea772eacb6a9f28b743a34135eece46a10 422198 bsh-doc_2.0b4-12+deb6u1_all.deb 277c0b07f17901b37500025d2eb85ef50531277840083e96ccf8a54c89993373 836072 bsh-src_2.0b4-12+deb6u1_all.deb 3650b72260d6e88e37ca36eb298327503dbd2da7747e7714f8300c73f1b7aec6 360178 bsh-gcj_2.0b4-12+deb6u1_i386.deb Files: c5debd2bd9310e552627619878a4b002 2069 java optional bsh_2.0b4-12+deb6u1.dsc 8c7d2c6b4bc6974150e21b6b1d2df8df 9096 java optional bsh_2.0b4-12+deb6u1.debian.tar.gz 657f4e78d136aa3f02098cef12da54d7 270696 java optional bsh_2.0b4-12+deb6u1_all.deb 46aa7ee9ebfdb083ab5f9414664c7174 422198 doc optional bsh-doc_2.0b4-12+deb6u1_all.deb 808b48a1bb416dff62dcc24c664fdc63 836072 java optional bsh-src_2.0b4-12+deb6u1_all.deb 2b1ece331b284874513d7c9577279ee9 360178 libs optional bsh-gcj_2.0b4-12+deb6u1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJW1D1SXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HknGQP/R1+81lXTaOUb4hUpZXtRpE+ BaP60OPK4g0r1244lKrBM32y8nvpwd4S44yV6pAy84hO/I/xeIMTw0zOEqBxo4oV Yoz9ngnrMA0GHxEnM5L00cRhXUCN1VIAyAXJa/R8R29y23k62WRHN2SmOfhCH+BP oqf8NzaKAS5DPrpJf8nAZVv1wU8tR90PcjUqfwzWt+m/WtdYhrtNmTtTYVw5JBmW xQSaSEFgOattPxrqet42J0h1MErb1QnkL6RzRDs3Lfcjb3YtkHHWgHtBkKPREhoY 2UL/KsrsaC8V1GLr6iAZzy+irafC6yVuS2RubWKpqKyeBhLXezLzkSH1SFWlaEEi oQoFJJIi28Qus44wHWW23/IrTDGfRAHdrNGvJqhRQU+X+43mSJ9Pc0O2yEFfBfBf EII7KT54Myf8dK9tRQKYUQoOcLly8/bXTCFM1pp0OALUlhoV2P6Gyp1k9TwEK/qh FZjUvoGtlzJoklqV1dBT6ckRX9aV68tfabdr5wspvq3qNYsZktvi0G50vT5Ov3n8 D7c++X5Zyd/fqXvMjKDuUgzD3n5OJ3ITMy87v0Xpi/C8LC+ibiPouD9P12T9bKqL LSUoZvCo8QQVZmwiynbVDnahjNr2YomRzFZfoGPEJJnFtDAWuIK/N4NeDwIFeX3a m7++FQMzVJeSTslj7KRa =3yJe -----END PGP SIGNATURE-----
