On 2007-11-02, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote:
> It was reported to the Security Team, that groovy embeds a lot of packages,
> several of them security-sensitive:
>
> /usr/share/groovy/lib/axion-1.0-M3-dev.jar
> /usr/share/groovy/lib/commons-collections-3.0-dev2.jar
> /usr/share/groovy/lib/commons-httpclient-2.0.1.jar
> /usr/share/groovy/lib/nekohtml-0.7.7.jar
> /usr/share/groovy/lib/openejb-loader-0.9.2.jar
> /usr/share/groovy/lib/qdox-1.3.jar
> /usr/share/groovy/lib/radeox-0.9.jar
> /usr/share/groovy/lib/radeox-oro-0.9.jar
> /usr/share/groovy/lib/xerces-2.4.0.jar
> /usr/share/groovy/lib/xml-apis-1.0.b2.jar
> /usr/share/groovy/lib/servlet-2.3.jar
> /usr/share/groovy/lib/regexp.jar
> /usr/share/groovy/lib/mx4j.jar
> /usr/share/groovy/lib/mockobjects-core.jar
> /usr/share/groovy/lib/junit.jar
> /usr/share/groovy/lib/commons-logging.jar
> /usr/share/groovy/lib/commons-cli.jar
> /usr/share/groovy/lib/classworlds-1.0.jar
> /usr/share/groovy/lib/bsf.jar
> /usr/share/groovy/lib/asm-util.jar
> /usr/share/groovy/lib/asm.jar
> /usr/share/groovy/lib/asm-attrs.jar
> /usr/share/groovy/lib/asm-analysis.jar
>
> Since it's in contrib, it's not security-supported, but given the state of it
> (outdated, hardly any users) it should likely be just removed?

Unless anyone objects within the next days, I'll file an RM bug.

Cheers,
Moritz