Summary: | <dev-java/bsh-2.0_beta6: remote code execution via deserialization | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | java |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1310647 | | |
Whiteboard: | B2 [glsa cve] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 576846 | | |
Description
Agostino Sarubbo
2016-02-23 15:08:20 UTC
commit 9c796dcc0d36ed7a9795f7b154fe6ab4964a8529 (HEAD -> master, origin/master, origin/HEAD)
Author: Patrice Clement <monsieurp@gentoo.org>
Date: Tue Feb 23 16:29:55 2016 +0000

dev-java/bsh: Version bump. Fixes security bug 575482.

Whilst at it, this commit also bumps the ebuild to EAPI version 5.

Package-Manager: portage-2.2.26
Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

dev-java/bsh/Manifest | 1 +
dev-java/bsh/bsh-2.0_beta4-r4.ebuild | 2 +-
dev-java/bsh/bsh-2.0_beta6.ebuild | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 72 insertions(+), 1 deletion(-)
create mode 100644 dev-java/bsh/bsh-2.0_beta6.ebuild

Arch teams,

Please stabilise:
dev-java/bsh/bsh-2.0_beta6

Target arches:
amd64 ppc64 x86

Thank you.

amd64 stable

commit 1e540757694cacf45317bdd687d3c33d96827194 (HEAD -> master)
Author: Patrice Clement <monsieurp@gentoo.org>
AuthorDate: Tue Mar 15 09:49:45 2016 +0000
Commit: Patrice Clement <monsieurp@gentoo.org>
CommitDate: Tue Mar 15 09:49:45 2016 +0000

dev-java/bsh: Stable for ppc64+x86. Fixes security bug 575482.

As per IRC discussion with Agostino.

Package-Manager: portage-2.2.26

dev-java/bsh/bsh-2.0_beta6.ebuild | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)

commit 666ad6d66632323fa4444badf35988038aaf01fa (HEAD -> master)
Author: Patrice Clement <monsieurp@gentoo.org>
AuthorDate: Tue Mar 15 09:52:51 2016 +0000
Commit: Patrice Clement <monsieurp@gentoo.org>
CommitDate: Tue Mar 15 09:53:18 2016 +0000

dev-java/bsh: Clean up vulnerable version. Fixes security bug 575482.

Package-Manager: portage-2.2.26

dev-java/bsh/Manifest | 2 --
dev-java/bsh/bsh-2.0_beta4-r4.ebuild | 68 ---------------------------------------------------------
dev-java/bsh/files/bsh2-readline.patch | 151 ------------------------------------------------------------------------------------------------------------------------------
dev-java/bsh/files/bsh2.0b4-build.patch | 53 --------------------------------------------
4 files changed, 274 deletions(-)
delete mode 100644 dev-java/bsh/bsh-2.0_beta4-r4.ebuild
delete mode 100644 dev-java/bsh/files/bsh2-readline.patch
delete mode 100644 dev-java/bsh/files/bsh2.0b4-build.patch

Security team, please vote.

GLSA request opened.

This issue was resolved and addressed in GLSA 201607-17 at https://security.gentoo.org/glsa/201607-17 by GLSA coordinator Aaron Bauman (b-man).