[CVEs] Creates executables class files with wrong permissions, Unsafe deserialization leads to code execution
Bug #1714728 reported by
Simon Quigley
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| jython (Ubuntu) |
Fix Released
|
Medium
|
Simon Quigley | ||
| Trusty |
Fix Released
|
High
|
Simon Quigley | ||
| Xenial |
Fix Released
|
High
|
Simon Quigley | ||
| Zesty |
Fix Released
|
High
|
Simon Quigley | ||
| Artful |
Fix Released
|
Medium
|
Simon Quigley | ||
Bug Description
This aims to fix two CVEs:
- CVE-2013-2027: Creates executables class files with wrong permissions
- CVE-2016-4000: Unsafe deserialization leads to code execution
While CVE-2013-2027 is not shown as fixed in Debian and Red Hat, it is fixed in OpenSUSE (openSUSE-
CVE-2016-4000 was fixed in Debian in 2.5.3-17, and that's in Artful, but we still need fixes for Trusty, Xenial, and Zesty.
Revision history for this message
| Simon Quigley (tsimonq2) wrote | #1 |
| Changed in jython (Ubuntu Trusty): | |
| importance: | Undecided → High |
| Changed in jython (Ubuntu Xenial): | |
| importance: | Undecided → High |
| Changed in jython (Ubuntu Zesty): | |
| importance: | Undecided → High |
| Changed in jython (Ubuntu Artful): | |
| importance: | Undecided → Medium |
| Changed in jython (Ubuntu Trusty): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| Changed in jython (Ubuntu Xenial): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| Changed in jython (Ubuntu Zesty): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| Changed in jython (Ubuntu Artful): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| Changed in jython (Ubuntu Trusty): | |
| status: | New → In Progress |
| Changed in jython (Ubuntu Xenial): | |
| status: | New → In Progress |
| Changed in jython (Ubuntu Zesty): | |
| status: | New → In Progress |
| Changed in jython (Ubuntu Artful): | |
| status: | New → In Progress |
| Changed in jython (Ubuntu Trusty): | |
| milestone: | none → trusty-updates |
| Changed in jython (Ubuntu Xenial): | |
| milestone: | none → xenial-updates |
| Changed in jython (Ubuntu Zesty): | |
| milestone: | none → zesty-updates |
| Changed in jython (Ubuntu Artful): | |
| milestone: | none → ubuntu-17.09 |
| tags: | added: artful trusty xenial zesty |
Revision history for this message
| Simon Quigley (tsimonq2) wrote | #2 |
| Changed in jython (Ubuntu Artful): | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in jython (Ubuntu Artful): | |
| status: | Fix Committed → Fix Released |
Revision history for this message
| Simon Quigley (tsimonq2) wrote | #4 |
Revision history for this message
| Simon Quigley (tsimonq2) wrote | #5 |
Revision history for this message
| Simon Quigley (tsimonq2) wrote | #7 |
Revision history for this message
| Simon Quigley (tsimonq2) wrote | #8 |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #9 |
| Changed in jython (Ubuntu Xenial): | |
| status: | In Progress → Fix Released |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #10 |
| Changed in jython (Ubuntu Trusty): | |
| status: | In Progress → Fix Released |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #11 |
| Changed in jython (Ubuntu Zesty): | |
| status: | In Progress → Fix Released |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #12 |
To post a comment you must log in.
Since CVE-2016-4000 is High priority, marking as High priority in all releases affected, marking as Medium in Artful.