Your message dated Sat, 21 May 2016 13:17:30 +0000
with message-id <e1b46my-0005wv...@franck.debian.org>
and subject line Bug#793397: fixed in groovy 1.8.6-1+deb7u1
has caused the Debian Bug report #793397,
regarding Remote execution of untrusted code, DoS (CVE-2015-3253)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
793397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793397
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: groovy
Version: 1.8.6-1
Severity: grave
Tags: security upstream

cpnrodzc7, working with HP's Zero Day Initiative, discovered that
Java applications using standard Java serialization mechanisms to
decode untrusted data, and that have Groovy on their classpath, can
be passed a serialized object that will cause the application to
execute arbitrary code.

This issue has been marked as fixed in Groovy 2.4.4 and a standalone
security patch has been made available.

CVE-2015-3253 has been assigned to this issue. 
Please mention it in the changelog when fixing the issue.

References:
 * Bulletin
   http://seclists.org/bugtraq/2015/Jul/78
 * Security update
   http://groovy-lang.org/security.html
 * Fixing commit (on 2.4.x branch)
   https://github.com/apache/incubator-groovy/commit/09e9778e8a33052d8c27105aee5310649637233d


-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
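
An added example, not part of the bug report or of Groovy's code: a heuristic scanner that lists the class names declared in a Java serialization stream and flags any from Groovy's namespaces, as a pre-deserialization check for the condition the report describes. The namespace prefixes, function names and sample streams are assumptions constructed for illustration.

```python
import re
import struct

STREAM_HEADER = b"\xac\xed\x00\x05"   # STREAM_MAGIC + STREAM_VERSION
TC_CLASSDESC = 0x72
# Assumption: any class from Groovy's own namespaces is unexpected in untrusted input.
GROOVY_PREFIXES = ("org.codehaus.groovy.", "groovy.")
_NAME = re.compile(r"\[+(L[\w$.]+;|[BCDFIJSZ])|[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*")


def class_names(stream: bytes) -> list:
    """Heuristically list class names declared by TC_CLASSDESC records."""
    if stream[:4] != STREAM_HEADER:
        raise ValueError("not a Java serialization stream")
    names, i = [], 4
    while i + 3 <= len(stream):
        if stream[i] == TC_CLASSDESC:
            (length,) = struct.unpack_from(">H", stream, i + 1)
            end = i + 3 + length
            # The name is followed by an 8-byte serialVersionUID.
            if end + 8 <= len(stream):
                name = stream[i + 3:end].decode("utf-8", errors="replace")
                if _NAME.fullmatch(name):
                    names.append(name)
                    i = end + 8
                    continue
        i += 1
    return names


def groovy_classes(stream: bytes) -> list:
    """Return declared classes (or array element types) in Groovy namespaces."""
    hits = []
    for name in class_names(stream):
        element = name.lstrip("[")
        if element != name and element.startswith("L"):
            element = element[1:].rstrip(";")
        if element.startswith(GROOVY_PREFIXES):
            hits.append(name)
    return hits


def sample_stream(class_name: str) -> bytes:
    """Constructed test input: one object of a field-less serializable class."""
    encoded = class_name.encode("utf-8")
    return (STREAM_HEADER + b"\x73"                       # TC_OBJECT
            + bytes([TC_CLASSDESC]) + struct.pack(">H", len(encoded)) + encoded
            + b"\x00" * 8                                  # dummy serialVersionUID
            + b"\x02\x00\x00"                              # SC_SERIALIZABLE, no fields
            + b"\x78\x70")                                 # TC_ENDBLOCKDATA, no superclass
```

The scan is a byte-level heuristic rather than a full stream parser, so it suits triage of captured or queued payloads; it does not replace installing the fixed package.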
--- Begin Message ---
Source: groovy
Source-Version: 1.8.6-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
groovy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Miguel Landaeta <nomad...@debian.org> (supplier of updated groovy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 25 Jul 2015 19:59:19 -0300
Source: groovy
Binary: groovy groovy-doc
Architecture: source all
Version: 1.8.6-1+deb7u1
Distribution: oldstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Miguel Landaeta <nomad...@debian.org>
Description: 
 groovy     - Agile dynamic language for the Java Virtual Machine
 groovy-doc - Agile dynamic language for the Java Virtual Machine (documentatio
Closes: 793397
Changes: 
 groovy (1.8.6-1+deb7u1) oldstable; urgency=high
 .
   * Fix remote execution of untrusted code and possible DoS vulnerability.
     (CVE-2015-3253) (Closes: #793397).


--- End Message ---