[SECURITY] [DLA 989-1] jython security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 989-1] jython security update
From: Markus Koschany <apo@debian.org>
Date: Sun, 18 Jun 2017 13:26:41 +0200
Message-id: <[🔎] e8ce00bb-7658-4d57-2800-2229ce55d197@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : jython
Version        : 2.5.2-1+deb7u1
CVE ID         : CVE-2016-4000
Debian Bug     : 864859

Alvaro Munoz and Christian Schneider discovered that Jython, an
implementation of the Python language seamlessly integrated with Java,
would execute arbitrary code when deserializing objects.

For Debian 7 "Wheezy", these problems have been fixed in version
2.5.2-1+deb7u1.

We recommend that you upgrade your jython packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAllGY3FfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeR3MA//YSMdk2Y0O8PsdWAsrQmsMf6oKTmPxOL79pGj16ztuWDNrbwiCRmFsbuE
1uOH48u6h7Csz1f5LeV3ehxyt/Nd7cDoqP87x85iSa3qOpaw25j8Z0qSirA6AxJ1
vMZH/Pyimwgt0Gx33Cn8paTkR6nd3dFSCMUzxZBkf8j25Z3IniE4rX/1uAtscWfx
I53iXUNWyiiE2n5lOGjPjhzqg8j2FycumWQ9dJyuJ0RXI2k4hVeQJk/74/2yFmJT
kufRjCarJChDXCE8kNF/Fb9h8vhx5E92L+NoSHSGkHHs/jS2CQm+bjDygXYMZlmU
WQSu1/scGQIw3yjvPho0yuJmDNkWtwc1ktfJ56mazE48e5kulOelfsPTFJ8jzKG9
K+RtmRk9sSrbSOTjzgcxFZzbbrc2yT2GFSclnWMTorXPz+8JRs8wF15DzAD0aRcR
eLKLQR2wVr6p7AD+5pJt703Pl08fWLoXHZPNwQfi1d2Q+dwsc8Q/9GT1+lNKAxPy
+WOEgqHw/0IVMFAlLWj+c4H9fyMlVgkjSZo23SJs7h7ObFpHrVUlMZDtaWss3+8d
/J5Di54azKHg+9Ds0i61bjEg5uM3iJBvKFDa8mWwkhdv/KNb3tKpB89OvjhnVyH1
xJYBVPb1uxBfK5ZprzZtBs/KIPD587X7cUsHXQAuagPT2YIUfhE=
=K/g9
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 991-1] firefox-esr security update
Next by Date: [SECURITY] [DLA 992-1] eglibc security update
Previous by thread: [SECURITY] [DLA 991-1] firefox-esr security update
Next by thread: [SECURITY] [DLA 992-1] eglibc security update
Index(es):
- Date
- Thread