Package: bsh / 2.0b4-19

Metadata

Package Version Patches format
bsh 2.0b4-19 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01_EnableBsfAdapter_buildXml.patch | (download)

build.xml | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 build without the bsf adapter.
02_GNUvms_workaround.patch | (download)

src/bsh/Console.java | 26 17 + 9 - 0 !
1 file changed, 17 insertions(+), 9 deletions(-)

 insert a work around for gnu jvms to use an awt based gui instead
 of swing.
04_fix_typo.patch | (download)

src/bsh/BshClassManager.java | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fixes a typo.
05_link_javadoc.patch | (download)

build.xml | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 link the javadoc against system installed javadocs.
CVE 2016 2510.patch | (download)

src/bsh/XThis.java | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 cve-2016-2510

An application that includes BeanShell on the classpath may be vulnerable if
another part of the application uses Java serialization or XStream to
deserialize data from an untrusted source.

A vulnerable application could be exploited for remote code execution,
including executing arbitrary shell commands.

https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced

07_java9_compatibility.patch | (download)

src/bsh/util/AWTConsole.java | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 fixes the build failure with java 9