Source: jython Version: 2.5.2-1 Severity: important Tags: security upstream
Hi Several issues were mentioned in Red Hat Bugzilla at [0] referencing the issue which creates executables class files with wrong permissions with CVE-2013-2027. At least it seems present in the Debian package that the package writes to /usr/share. In the SuSE bugzilla[1] there are some links to fixes applied in SuSE[2]. Could you please double-check the jython package in Debian? [0] https://bugzilla.redhat.com/show_bug.cgi?id=947949 [1] https://bugzilla.novell.com/show_bug.cgi?id=916224 [2] https://build.opensuse.org/request/show/284056 Regards, Salvatore __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.