Date: Tue, 3 Nov 2015 11:57:42 +0100 From: Jean-Baptiste Kempf <jb@...eolan.org> To: Florian Weimer <fweimer@...hat.com>, oss-security@...ts.openwall.com, Assign a CVE Identifier <cve-assign@...re.org> Subject: Re: CVE request: BD-J implementation in libbluray On 05/10/2015 11:21, Florian Weimer wrote: > I don't know. There is a BDJSecurityManager, but I'm not convinced it's > sufficiently strict. For instance, the checkPermission(Permission) > method does not call checkWrite(String) for FilePermission objects at > all. This does not look right, but I'm not familiar with the finer > points of Java sandboxing. Confirmed as fixed in 0.9.1. -- Jean-Baptiste Kempf http://www.jbkempf.com/ - +33 672 704 734 Sent from my Electronic Device
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ