Bug#700610: Fwd: bsh (BeanShell) security vulnerability (CVE-2016-2510)

Stian Soiland-Reyes stain at apache.org
Fri Feb 19 12:13:02 UTC 2016


---------- Forwarded message ----------
From: Stian Soiland-Reyes <stain at apache.org>
Date: 19 February 2016 at 12:10
Subject: bsh (BeanShell) security vulnerability (CVE-2016-2510)
To: team at security.debian.org, debian-java at lists.debian.org


Hi,

BeanShell aka bsh has released a security fix 2.0b6:

https://github.com/beanshell/beanshell/releases/tag/2.0b6

It has been reported to MITRE as CVE-2016-2510.


This might be a good time to address
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700610

and update sid to use the new upstream home of
https://github.com/beanshell/beanshell
(transitioned from apache-extras)


Note that since 2.0b5 the license has changed to Apache License.

2.0b5 should be functionally equivalent to 2.0b4 except the license change.


If you want to backport only the security fix for 2.0b4 jessie, see
https://github.com/beanshell/beanshell/commits/2.0b6

specifically these two commits:

https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49

https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced


--
Stian Soiland-Reyes
Apache Taverna (incubating), Apache Commons RDF (incubating)
http://orcid.org/0000-0001-9842-9718


More information about the pkg-java-maintainers mailing list