[Secure-testing-team] Bug#777079: jython: CVE-2013-2027
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 4 20:09:40 UTC 2015
Source: jython
Version: 2.5.2-1
Severity: important
Tags: security upstream
Hi
Several issues were mentioned in Red Hat Bugzilla at [0] referencing
the issue which creates executable class files with wrong permissions
with CVE-2013-2027.
At least it seems present in the Debian package that the package
writes to /usr/share. In the SuSE bugzilla[1] there are some links to
fixes applied in SuSE[2].
Could you please double-check the jython package in Debian?
[0] https://bugzilla.redhat.com/show_bug.cgi?id=947949
[1] https://bugzilla.novell.com/show_bug.cgi?id=916224
[2] https://build.opensuse.org/request/show/284056
Regards,
Salvatore