Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 3 Nov 2015 11:57:42 +0100
From: Jean-Baptiste Kempf <jb@...eolan.org>
To: Florian Weimer <fweimer@...hat.com>, oss-security@...ts.openwall.com,
 Assign a CVE Identifier <cve-assign@...re.org>
Subject: Re: CVE request: BD-J implementation in libbluray

On 05/10/2015 11:21, Florian Weimer wrote:
> I don't know.  There is a BDJSecurityManager, but I'm not convinced it's
> sufficiently strict.  For instance, the checkPermission(Permission)
> method does not call checkWrite(String) for FilePermission objects at
> all.  This does not look right, but I'm not familiar with the finer
> points of Java sandboxing.

Confirmed as fixed in 0.9.1.

-- 
Jean-Baptiste Kempf
http://www.jbkempf.com/ - +33 672 704 734
Sent from my Electronic Device

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ