Re: bsh (BeanShell) security vulnerability (CVE-2016-2510)

To: Markus Koschany <apo@debian.org>
Cc: team@security.debian.org, Stian Soiland-Reyes <stain@apache.org>, debian-java@lists.debian.org
Subject: Re: bsh (BeanShell) security vulnerability (CVE-2016-2510)
From: Sébastien Delafond <seb@debian.org>
Date: Tue, 1 Mar 2016 17:08:06 +0100
Message-id: <[🔎] 20160301160806.GJ15812@frisco.mine.nu>
In-reply-to: <[🔎] 56D5B022.4010505@debian.org>
References: <CAMBJEmU3hFuN4k7wrnhAgLtQxnCDH0joQO0A_9m=KXeJzA5xkQ@mail.gmail.com> <56D05866.80102@debian.org> <[🔎] 20160301131715.GC15812@frisco.mine.nu> <[🔎] 56D5B022.4010505@debian.org>

On Mar/01, Markus Koschany wrote:
> Thanks for your assistance. I'm attaching the proposed debdiff for bsh
> in Wheezy and Jessie. I can upload anytime.

Everything's looking good. Since the package will be new in both wheezy-
and jessie-security, but using the same upstream tarball, you'll want to
build the wheezy package with -sa, upload that, and give security-master
a fair amount of time to process that upload (say, 30 minutes). After
that, you can build the jessie package without -sa and upload it.

> P.S.: If time permits, please let me know how we should proceed with
> Tomcat 6 in Wheezy.

I haven't followed that topic too closely, so I'll let someone else in
the team chime in.

Cheers,

--Seb

Reply to:

References:
- Re: bsh (BeanShell) security vulnerability (CVE-2016-2510)
  - From: Sébastien Delafond <seb@debian.org>
- Re: bsh (BeanShell) security vulnerability (CVE-2016-2510)
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Re: bsh (BeanShell) security vulnerability (CVE-2016-2510)
Next by Date: Re: Maven 3.3 backport
Previous by thread: Re: bsh (BeanShell) security vulnerability (CVE-2016-2510)
Next by thread: Maven 3.3 backport
Index(es):
- Date
- Thread