Package: bsh / 2.0b4-12+deb7u1

Metadata

Package | Version | Patches format
bsh | 2.0b4-12+deb7u1 | 3.0 (quilt)

Patch series

Patch | File delta | Description
01_EnableBsfAdapter_buildXml.patch

build.xml | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
02_GNUvms_workaround.patch

src/bsh/Console.java | 26 17 + 9 - 0 !
1 file changed, 17 insertions(+), 9 deletions(-)

---
03_target13_buildXml.patch

build.xml | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
CVE 2016 2510.patch

src/bsh/XThis.java | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

cve-2016-2510

An application that includes BeanShell on the classpath may be vulnerable if
another part of the application uses Java serialization or XStream to
deserialize data from an untrusted source.

A vulnerable application could be exploited for remote code execution,
including executing arbitrary shell commands.

https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced