Package        : groovy
Version        : 1.7.0-4+deb6u1
CVE ID         : CVE-2015-3253

cpnrodzc7, working with HP's Zero Day Initiative, discovered that Java applications using standard Java serialization mechanisms to decode untrusted data, and that have Groovy on their classpath, can be passed a serialized object that will cause the application to execute arbitrary code.

For the oldoldstable distribution (squeeze), this problem has been fixed in version 1.7.0-4+deb6u1.

For the oldstable distribution (wheezy) and stable distribution (jessie), this problem will be fixed soon.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams