Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 3 Nov 2015 11:57:42 +0100
From: Jean-Baptiste Kempf <>
To: Florian Weimer <>,,
 Assign a CVE Identifier <>
Subject: Re: CVE request: BD-J implementation in libbluray

On 05/10/2015 11:21, Florian Weimer wrote:
> I don't know.  There is a BDJSecurityManager, but I'm not convinced it's
> sufficiently strict.  For instance, the checkPermission(Permission)
> method does not call checkWrite(String) for FilePermission objects at
> all.  This does not look right, but I'm not familiar with the finer
> points of Java sandboxing.

Confirmed as fixed in 0.9.1.

Jean-Baptiste Kempf - +33 672 704 734
Sent from my Electronic Device

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.