Your message dated Sun, 16 Jul 2017 18:33:20 +0000
with message-id <e1dwom4-0001rx...@fasolo.debian.org>
and subject line Bug#864859: fixed in jython 2.5.3-16+deb9u1
has caused the Debian Bug report #864859,
regarding jython: CVE-2016-4000: Unsafe deserialization leads to code execution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864859: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jython
Version: 2.5.3-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: http://bugs.jython.org/issue2454

Hi,

the following vulnerability was published for jython.

CVE-2016-4000[0]:
Unsafe deserialization leads to code execution

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4000
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000
[1] http://bugs.jython.org/issue2454
[2] https://hg.python.org/jython/rev/d06e29d100c0

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: jython
Source-Version: 2.5.3-16+deb9u1

We believe that the bug you reported is fixed in the latest version of
jython, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated jython package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 Jun 2017 20:15:51 +0200
Source: jython
Binary: jython jython-doc
Architecture: source all
Version: 2.5.3-16+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 jython     - Python seamlessly integrated with Java
 jython-doc - Jython documentation including API docs
Closes: 864859
Changes:
 jython (2.5.3-16+deb9u1) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2016-4000: (Closes: #864859)
     Unsafe deserialization may lead to arbitrary code execution.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
