Candidate: CVE-2016-4000
PublicDate: 2017-07-06 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000
Description:
 Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a
 crafted serialized PyFunction object.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.jython.org/issue2454
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_jython:
 upstream: https://hg.python.org/jython/rev/d06e29d100c0
upstream_jython: needed
precise/esm_jython: DNE
trusty_jython: released (2.5.3-1ubuntu0.1)
trusty/esm_jython: DNE (trusty was released [2.5.3-1ubuntu0.1])
vivid/ubuntu-core_jython: DNE
xenial_jython: released (2.5.3-9ubuntu0.1)
yakkety_jython: ignored (reached end-of-life)
zesty_jython: released (2.5.3-15ubuntu0.1)
devel_jython: released (2.5.3-17ubuntu1)