-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Mar 2016 15:32:04 +0100
Source: bsh
Binary: bsh bsh-gcj bsh-doc bsh-src
Architecture: source all amd64
Version: 2.0b4-12+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 bsh        - Java scripting environment (BeanShell) Version 2
 bsh-doc    - Documentation for bsh
 bsh-gcj    - Java scripting environment (BeanShell) Version 2 (native code)
 bsh-src    - Java scripting environment (BeanShell) Version 2 (source code)
Changes:
 bsh (2.0b4-12+deb7u1) wheezy-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2016-2510. An application that includes BeanShell on the classpath
     may be vulnerable if another part of the application uses Java
     serialization or XStream to deserialize data from an untrusted source.
     A vulnerable application could be exploited for remote code execution,
     including executing arbitrary shell commands.