Package: bsh / 2.0b4-15+deb8u1
Metadata
Package | Version | Patches format |
---|---|---|
bsh | 2.0b4-15+deb8u1 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
01_EnableBsfAdapter_buildXml.patch | (download) |
build.xml |
4 2 + 2 - 0 ! |
build without the bsf adapter. |
02_GNUvms_workaround.patch | (download) |
src/bsh/Console.java |
26 17 + 9 - 0 ! |
insert a work around for gnu jvms to use an awt based gui instead of swing. |
03_target13_buildXml.patch | (download) |
build.xml |
2 1 + 1 - 0 ! |
compile 1.3 java code. |
04_fix_typo.patch | (download) |
src/bsh/BshClassManager.java |
2 1 + 1 - 0 ! |
fixes a typo. |
05_link_javadoc.patch | (download) |
build.xml |
6 5 + 1 - 0 ! |
link the javadoc against system installed javadocs. |
CVE 2016 2510.patch | (download) |
src/bsh/XThis.java |
8 6 + 2 - 0 ! |
cve-2016-2510 An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands. https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49 https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced |
1