Package: bsh / 2.0b4-12+deb7u1
Metadata
Package | Version | Patches format |
---|---|---|
bsh | 2.0b4-12+deb7u1 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
01_EnableBsfAdapter_buildXml.patch | (download) |
build.xml |
4 2 + 2 - 0 ! |
--- |
02_GNUvms_workaround.patch | (download) |
src/bsh/Console.java |
26 17 + 9 - 0 ! |
--- |
03_target13_buildXml.patch | (download) |
build.xml |
2 1 + 1 - 0 ! |
--- |
CVE 2016 2510.patch | (download) |
src/bsh/XThis.java |
8 6 + 2 - 0 ! |
cve-2016-2510 An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands. https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49 https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced |
1