Bug#777079: jython: CVE-2013-2027

Salvatore Bonaccorso carnil at debian.org
Wed Feb 4 20:09:40 UTC 2015


Source: jython
Version: 2.5.2-1
Severity: important
Tags: security upstream

Hi

Several issues were mentioned in Red Hat Bugzilla at [0] referencing
the issue which creates executable class files with wrong permissions
with CVE-2013-2027.

At least it seems present in the Debian package that the package
writes to /usr/share. In the SuSE bugzilla[1] there are some links to
fixes applied in SuSE[2].

Could you please double-check the jython package in Debian?

 [0] https://bugzilla.redhat.com/show_bug.cgi?id=947949
 [1] https://bugzilla.novell.com/show_bug.cgi?id=916224
 [2] https://build.opensuse.org/request/show/284056

Regards,
Salvatore


