Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#68865 - [groovy] [Security] privilege escalation (CVE-2020-17521)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Sunday, 06 December 2020, 09:59 GMT
Opened by Jonas Witschel (diabonas) - Sunday, 06 December 2020, 09:59 GMT
|
DetailsSummary
======= The package groovy is vulnerable to privilege escalation via CVE-2020-17521. Guidance ======== Updating to the latest version 3.0.7 or to version 2.5.14 from the previous stable branch fixes the issue. References ========== https://security.archlinux.org/AVG-1325 https://issues.apache.org/jira/browse/GROOVY-9824 https://github.com/apache/groovy/commit/98dc5d713926cd81b006c510a1546ccd520fe17f |
This task depends upon