Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 3 Nov 2015 11:57:42 +0100
From: Jean-Baptiste Kempf <jb@...eolan.org>
To: Florian Weimer <fweimer@...hat.com>, oss-security@...ts.openwall.com,
 Assign a CVE Identifier <cve-assign@...re.org>
Subject: Re: CVE request: BD-J implementation in libbluray

On 05/10/2015 11:21, Florian Weimer wrote:
> I don't know.  There is a BDJSecurityManager, but I'm not convinced it's
> sufficiently strict.  For instance, the checkPermission(Permission)
> method does not call checkWrite(String) for FilePermission objects at
> all.  This does not look right, but I'm not familiar with the finer
> points of Java sandboxing.

Confirmed as fixed in 0.9.1.

-- 
Jean-Baptiste Kempf
http://www.jbkempf.com/ - +33 672 704 734
Sent from my Electronic Device

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.