-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : bsh Version : 2.0b4-12+deb6u1 CVE ID : CVE-2016-2510
A remote code execution vulnerability was found in BeanShell, an embeddable Java source interpreter with object scripting language features. CVE-2016-2510: An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands. For Debian 6 "Squeeze", these problems have been fixed in version 2.0b4-12+deb6u1. We recommend that you upgrade your bsh packages. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJW1FwTXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1Hkp78QALYrnVIaBJW3AAImW147+9Zf Jc8Y6bioIqoxPpGB5HeIAZ1D1eWq8qMIwNUQW4PCI18m/OzeUxHWYsJ30fzFowCg rervz9JbdA/a9fIZChwyNmvOfIiakrYIl9w6QXZF0FZyVcNEL+wwJsnIA5Mjdi/4 YaNfHkqxdKJ+Y6+kf9ftLUNZOeEQFaLyaUJqkMeIErRUZSKcn164HXS8Q/KgelSm SbMJ++6Ha/7PQGEwsO2uyu7CFkZlE5PirPvAQn9DrRaDzEigSqkHNdJVqpK7MBRY bxmZ2U5BcEFkwjJG8sTxYsGDRgvwvI3RJIu5Qxn5jFSvk1+Yac9uNyB6rd+1hb47 TyAkYikfcSh8DBV/epTxqFfJZuBviSEWa4cL7I0+ze+p397t2VCK/2Fz6J1rL2Qd YBB8T1wxZbQjtvp7JQTk6X0QN6owW23u5DPji1QnwoLr0UaV3thWUk5apE/o89/+ jpW+rfh+7AB3CZe8jDdzQvQL66ZHzIHBYATCMedxNReLVm7ZqJUJ8JDrs3qRua/C rgFDS5d1dQWNPfY3rM1EKyIUjsmm8M05K80Wf47hc6zuvNf2xYF1mE2LZkbFRtGX y92GQFUNgKiWzyhctiQIu//ubv5z4aYTEj5WHfNh7G0vSolgTbrmtsKU4v/zyEQE aKOrddNlAaRTtbzeBWts =aF56 -----END PGP SIGNATURE-----