Candidate: CVE-2016-6814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6814
http://www.openwall.com/lists/oss-security/2017/01/14/3
When an application with unsupported Codehaus versions of Groovy from 1.7.0
to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java
serialization mechanisms, e.g. to communicate between servers or to store
local data, it was possible for an attacker to bake a special serialized
object that will execute code directly when deserialized. All applications
which rely on serialization and do not isolate the code which deserializes
objects were subject to this vulnerability.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851408
upstream_groovy: released (2.4.8-1)
precise_groovy: ignored (reached end-of-life)
precise/esm_groovy: DNE (precise was needed)
vivid/stable-phone-overlay_groovy: DNE
vivid/ubuntu-core_groovy: DNE
yakkety_groovy: ignored (reached end-of-life)
zesty_groovy: not-affected (2.4.8-1)
artful_groovy: not-affected (2.4.8-1)
bionic_groovy: not-affected (2.4.8-1)
devel_groovy: not-affected (2.4.8-1)
upstream_groovy2: needs-triage
precise/esm_groovy2: DNE
vivid/stable-phone-overlay_groovy2: DNE
vivid/ubuntu-core_groovy2: DNE
xenial_groovy2: needed