From oss-security  Tue Nov 03 10:57:42 2015
From: Jean-Baptiste Kempf <jb () videolan ! org>
Date: Tue, 03 Nov 2015 10:57:42 +0000
To: oss-security
Subject: Re: [oss-security] CVE request: BD-J implementation in libbluray
Message-Id: <56389326.6000609 () videolan ! org>
X-MARC-Message: https://marc.info/?l=oss-security&m=144654828801360

On 05/10/2015 11:21, Florian Weimer wrote:
> I don't know.  There is a BDJSecurityManager, but I'm not convinced it's
> sufficiently strict.  For instance, the checkPermission(Permission)
> method does not call checkWrite(String) for FilePermission objects at
> all.  This does not look right, but I'm not familiar with the finer
> points of Java sandboxing.

Confirmed as fixed in 0.9.1.

-- 
Jean-Baptiste Kempf
http://www.jbkempf.com/ - +33 672 704 734
Sent from my Electronic Device