Your message dated Fri, 16 Jun 2017 21:04:57 +0000
with message-id <e1dlyql-000i4k...@fasolo.debian.org>
and subject line Bug#864859: fixed in jython 2.5.3-17
has caused the Debian Bug report #864859,
regarding jython: CVE-2016-4000: Unsafe deserialization leads to code execution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864859: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jython
Version: 2.5.3-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: http://bugs.jython.org/issue2454

Hi,

the following vulnerability was published for jython.

CVE-2016-4000[0]:
Unsafe deserialization leads to code execution

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4000
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000
[1] http://bugs.jython.org/issue2454
[2] https://hg.python.org/jython/rev/d06e29d100c0

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: jython
Source-Version: 2.5.3-17

We believe that the bug you reported is fixed in the latest version of
jython, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated jython package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Fri, 16 Jun 2017 21:51:06 +0200
Source: jython
Binary: jython jython-doc
Architecture: source
Version: 2.5.3-17
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 jython     - Python seamlessly integrated with Java
 jython-doc - Jython documentation including API docs
Closes: 864859
Changes:
 jython (2.5.3-17) unstable; urgency=medium
 .
   * Team upload.
   * Fix CVE-2016-4000: (Closes: #864859)
     Unsafe deserialization may lead to arbitrary code execution.

--- End Message ---