CVE-2013-2027

Published: 13 February 2015

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

Priority

Status

Package	Release	Status
jython Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Ignored (end of life)
	trusty	Released (2.5.3-1ubuntu0.1)
	upstream	Needs triage
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Ignored (end of life)
	xenial	Released (2.5.3-9ubuntu0.1)
	yakkety	Ignored (end of life)
	zesty	Released (2.5.3-15ubuntu0.1)

References

https://www.cve.org/CVERecord?id=CVE-2013-2027
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777079

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›