Date: Tue, 3 Nov 2015 11:57:42 +0100 From: Jean-Baptiste Kempf <jb@...eolan.org> To: Florian Weimer <fweimer@...hat.com>, oss-security@...ts.openwall.com, Assign a CVE Identifier <cve-assign@...re.org> Subject: Re: CVE request: BD-J implementation in libbluray On 05/10/2015 11:21, Florian Weimer wrote: > I don't know. There is a BDJSecurityManager, but I'm not convinced it's > sufficiently strict. For instance, the checkPermission(Permission) > method does not call checkWrite(String) for FilePermission objects at > all. This does not look right, but I'm not familiar with the finer > points of Java sandboxing. Confirmed as fixed in 0.9.1. -- Jean-Baptiste Kempf http://www.jbkempf.com/ - +33 672 704 734 Sent from my Electronic Device
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.