Bug#864859: jython: CVE-2016-4000: Unsafe deserialization leads to code execution
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 16 07:09:46 UTC 2017
Source: jython
Version: 2.5.3-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: http://bugs.jython.org/issue2454
Hi,
the following vulnerability was published for jython.
CVE-2016-4000[0]:
Unsafe deserialization leads to code execution
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-4000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000
[1] http://bugs.jython.org/issue2454
[2] https://hg.python.org/jython/rev/d06e29d100c0
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list