Re: bsh (BeanShell) security vulnerability (CVE-2016-2510)
On Mar/01, Markus Koschany wrote:
> Thanks for your assistance. I'm attaching the proposed debdiff for bsh
> in Wheezy and Jessie. I can upload anytime.
Everything's looking good. Since the package will be new in both wheezy-
and jessie-security, but using the same upstream tarball, you'll want to
build the wheezy package with -sa, upload that, and give security-master
a fair amount of time to process that upload (say, 30 minutes). After
that, you can build the jessie package without -sa and upload it.
> P.S.: If time permits, please let me know how we should proceed with
> Tomcat 6 in Wheezy.
I haven't followed that topic too closely, so I'll let someone else in
the team chime in.