-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 01 Mar 2016 15:54:12 +0100 Source: bsh Binary: bsh libbsh-java bsh-doc bsh-src Architecture: source all Version: 2.0b4-15+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: bsh - Java scripting environment (BeanShell) Version 2 bsh-doc - Documentation for bsh bsh-src - Java scripting environment (BeanShell) Version 2 (source code) libbsh-java - Java scripting environment (BeanShell) Version 2 (library) Changes: bsh (2.0b4-15+deb8u1) jessie-security; urgency=high . * Team upload. * Fix CVE-2016-2510. An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands. Checksums-Sha1: b84817cd31d61889f5a2ee76e9ea888767273c95 2291 bsh_2.0b4-15+deb8u1.dsc dc1344119059ea42f3df115b8d06dc7807615c3d 9280 bsh_2.0b4-15+deb8u1.debian.tar.xz 78f7b39b1775f1e045fc36643408b0f4b9a3deaf 8094 bsh_2.0b4-15+deb8u1_all.deb 0d313f9f9dfb7d410ed3aa59247818d7db11fbe1 266470 libbsh-java_2.0b4-15+deb8u1_all.deb cc26005dc0b7e76a5d76693edaec037d2636dc41 342042 bsh-doc_2.0b4-15+deb8u1_all.deb d9c5f9eab164475c8a47e3169027cfe5f224456d 837614 bsh-src_2.0b4-15+deb8u1_all.deb Checksums-Sha256: b1ca7393ecfbb887430740267093cb5159b5299bb9b9582e28b39216507b0dff 2291 bsh_2.0b4-15+deb8u1.dsc 5b8675c6ae951f24f77e83df9300c98cb4f42d2391c652db0a8f7d574c8d16bc 9280 bsh_2.0b4-15+deb8u1.debian.tar.xz 42b6e3e57926d6a8acccb58077051b4e0144938a200e97c53b45d467235cb135 8094 bsh_2.0b4-15+deb8u1_all.deb 72ddef827d11fb5e6d8a39123a4e4027d86b8e5d85ce8289f2bc3c26f09735ef 266470 libbsh-java_2.0b4-15+deb8u1_all.deb fcbe805842b885a36008ad89bdc14345799d051939101bdd3c3c6c3850f45044 342042 bsh-doc_2.0b4-15+deb8u1_all.deb 05eb777ba85efabb19d039be837e81254956ecb7da3cb3eb1f2186d1545d80d1 837614 bsh-src_2.0b4-15+deb8u1_all.deb Files: 5a0aaa98bf25d23cb4b7c03bbf74483c 2291 devel optional bsh_2.0b4-15+deb8u1.dsc d8f4836a64d26ef3ddcfc6f51bcea57f 9280 devel optional bsh_2.0b4-15+deb8u1.debian.tar.xz 1d02fe312585dde432bbbbfdaaa0dd1b 8094 devel optional bsh_2.0b4-15+deb8u1_all.deb e93eea765b76baac8372cc0a213ca4cf 266470 java optional libbsh-java_2.0b4-15+deb8u1_all.deb 1c900ebc0a577e45e576236364e319ab 342042 doc optional bsh-doc_2.0b4-15+deb8u1_all.deb 66f6c5fff9437430ac03763ae284d717 837614 java optional bsh-src_2.0b4-15+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJW1eD2XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkfBAQALiEaDVOopnZmfEG5OZ2HCKQ LSSPWGUu480ByRnS4JhpYyYNXMV6K04dnoUbTp07MRb0QZH+inGVN9oUGJIcqgqp gw2gdkBaalIQ0RwiGUTKb43emE3lC/NucCuMIi9Mpo++akABTFGlikShOZ05hOTe ymW+V9D2qhfVavEfAfTR5ObSeoYDsWzaCcUnsDjwC/Que23+UOMxKDjWAFaY9MR7 m/1Gx+yF3j1YIyz4BxSTUfOYZNk1GgYE1WygkVDtpcc2Q35VM90ZiMKQCKahJv3A oWrArzoH0LX7gsJO7nosiryksxSCdO7JJvku0T6PGMoYBJ36YP1UfqXJHKsfJDca M3rGn6QOQnNkLFtTFJ2CXJOvb/lq4ltLn+nAItTueM71KjwnsCMw5prH9VC3BgbC NxKAESEBGlJqb+mJiopEllvM2B93p7Eo+IlXBlin4hyk0np9PqJl7mLoScmKqPjo 3Q8qN9itIH6kGtSZUJ65G6o9UhDFdeYxBVq7hz4/20wotFwItvRWx9qTORRN1qhz 1ekuJ75pW+LrOF8E4mPRiqwfSYLnj67+IcYa0iQV66rCvmf+AttnSxSgzjv1cK7x 3TxLZ0Ur8WNt/lV3FAA/O7Fb27lFKz7xGSTmqaAEJr7Iix75bgknI7buRmyeq5p5 zzh6lQb/37BBGWMxO8ji =VeNt -----END PGP SIGNATURE-----
