[ubuntu/xenial-proposed] bsh 2.0b4-17ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Mar 8 15:07:17 UTC 2016 

bsh (2.0b4-17ubuntu1) xenial; urgency=medium

  * Merged from Debian. Remaining changes:
    - Move to Servlet API 3.1

bsh (2.0b4-17) unstable; urgency=medium

  * Team upload.
  * Update CVE-2016-2510.patch and use java.io.ObjectStreamException and
    java.io.NotSerializableException directly to ensure Jedit can be build from
    source.

bsh (2.0b4-16) unstable; urgency=high

  * Team upload.
  * Fix CVE-2016-2510.
    An application that includes BeanShell on the classpath may be vulnerable
    if another part of the application uses Java serialization or XStream to
    deserialize data from an untrusted source. A vulnerable application could
    be exploited for remote code execution, including executing arbitrary shell
    commands.
  * Declare compliance with Debian Policy 3.9.7.
  * Vcs-Browser: Use https.

Date: Tue, 08 Mar 2016 09:58:49 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bsh/2.0b4-17ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 08 Mar 2016 09:58:49 -0500
Source: bsh
Binary: bsh libbsh-java bsh-doc bsh-src
Architecture: source
Version: 2.0b4-17ubuntu1
Distribution: xenial
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 bsh        - Java scripting environment (BeanShell) Version 2
 bsh-doc    - Documentation for bsh
 bsh-src    - Java scripting environment (BeanShell) Version 2 (source code)
 libbsh-java - Java scripting environment (BeanShell) Version 2 (library)
Changes:
 bsh (2.0b4-17ubuntu1) xenial; urgency=medium
 .
   * Merged from Debian. Remaining changes:
     - Move to Servlet API 3.1
 .
 bsh (2.0b4-17) unstable; urgency=medium
 .
   * Team upload.
   * Update CVE-2016-2510.patch and use java.io.ObjectStreamException and
     java.io.NotSerializableException directly to ensure Jedit can be build from
     source.
 .
 bsh (2.0b4-16) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2016-2510.
     An application that includes BeanShell on the classpath may be vulnerable
     if another part of the application uses Java serialization or XStream to
     deserialize data from an untrusted source. A vulnerable application could
     be exploited for remote code execution, including executing arbitrary shell
     commands.
   * Declare compliance with Debian Policy 3.9.7.
   * Vcs-Browser: Use https.
Checksums-Sha1:
 ea6d37a32b161d586637a87d5e332573aa0b9502 2241 bsh_2.0b4-17ubuntu1.dsc
 03db7b1d7318203ee5ee7534f32dd68b60d21922 826645 bsh_2.0b4.orig.tar.gz
 40f62655bab106fef81b98144d18b3c5d947644f 9472 bsh_2.0b4-17ubuntu1.debian.tar.xz
Checksums-Sha256:
 f0864b89bad8ee6a8287d98ac52bbae3473f3e51aa90fee126cae46a65cc1188 2241 bsh_2.0b4-17ubuntu1.dsc
 776a64db4967af4fdfa13e3801eaf4249afbb7ffa1ced13f525fdf44e6e340f7 826645 bsh_2.0b4.orig.tar.gz
 f8d7ee463787efd375ac2c0b9b0d407654972416a84ef66e1f3d15411eddb9b2 9472 bsh_2.0b4-17ubuntu1.debian.tar.xz
Files:
 9aada858e9677896924d20a90d6bf2f9 2241 devel optional bsh_2.0b4-17ubuntu1.dsc
 47642ecdfed4789bed8d4184aeebb132 826645 devel optional bsh_2.0b4.orig.tar.gz
 6cdea12f3b80e633860e5b3155479ea6 9472 devel optional bsh_2.0b4-17ubuntu1.debian.tar.xz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJW3uovAAoJEGVp2FWnRL6TuXQP/jQtDhS2vaHJPIEkgD4lPbQk
jhLqAAR78N/1vsLKnlCIIaz5X2L/QuXQeI4AdEypxLwElYBCUe98dwTIKwg9uqo+
WrHvaNTe+2V96p025SumQW+nTYwwMtojrj14eEVFrmtVnZoYkLd+x0e1mQPFk9S/
lXoSSPp1rokTRdT/Ff7Px80lFrDQjLW5ANqE1XhIf9FXE7mwoxhYmKJ/MlSLdhx8
5jEN1/4ng5Y5pEIq+R9qYhiXJlfc+f7h9zt27yCjGpwMMFiUt0HDIX/0yyY20tsn
GKzETSOeL6nLcHw2w9dDljMxdPGjDZgPDL1UfXMom2dl0gQmG/nUaAw2ogJ7QThw
ECnnxPCwrmeCCaEOLJ3XuQegcKoPZfvBnSVyfOzgmlwVMQuofUaLPafF9GnyI/7X
wGf5/EOOk8abZB77p6d6Qmjb3Q0fKl2i3QpAkiMvr8fai70Ww1IVxWohDBqaoQc9
WZ9NE4A5Cqbmqt6NYV2cZYx7waDkTuGNZd6sBGOr8e/r2bF8vKmrkMFAHZYtV9is
TFAbw9/ShTuj/pWdOGjLFd/KsbIMj7EkyYL9zNzzrh73rN7dwUN+UrOx00uWjiB6
GBgJkDTJkHqX5HgSYWH5XDdwJs/n0IG+6WEe89CEndko1T1jX9Oj663VIYpCl3Tt
Xq3IKitCsCIoluAuLBPX
=sXBX
-----END PGP SIGNATURE-----

More information about the Xenial-changes mailing list