Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#68865 - [groovy] [Security] privilege escalation (CVE-2020-17521)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Sunday, 06 December 2020, 09:59 GMT
Last edited by Jonas Witschel (diabonas) - Thursday, 18 March 2021, 12:07 GMT
Opened by Jonas Witschel (diabonas) - Sunday, 06 December 2020, 09:59 GMT
Last edited by Jonas Witschel (diabonas) - Thursday, 18 March 2021, 12:07 GMT
|
DetailsSummary
======= The package groovy is vulnerable to privilege escalation via CVE-2020-17521. Guidance ======== Updating to the latest version 3.0.7 or to version 2.5.14 from the previous stable branch fixes the issue. References ========== https://security.archlinux.org/AVG-1325 https://issues.apache.org/jira/browse/GROOVY-9824 https://github.com/apache/groovy/commit/98dc5d713926cd81b006c510a1546ccd520fe17f |
This task depends upon
Closed by Jonas Witschel (diabonas)
Thursday, 18 March 2021, 12:07 GMT
Reason for closing: Fixed
Additional comments about closing: groovy 2.5.14-1 in [community], 3.0.7-1 in [community-testing]
Thursday, 18 March 2021, 12:07 GMT
Reason for closing: Fixed
Additional comments about closing: groovy 2.5.14-1 in [community], 3.0.7-1 in [community-testing]