-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : groovy Version : 1.8.6-1+deb7u2 CVE ID : CVE-2016-6814 Debian Bug : 851408
It was found that a flaw in Apache Groovy, a dynamic language for the Java Virtual Machine, allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability. For Debian 7 "Wheezy", these problems have been fixed in version 1.8.6-1+deb7u2. We recommend that you upgrade your groovy packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAliFM+VfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRDdw//VHrF7eh75fZFqdTzEooqSYk1vtmDHpMZhEXNZiJQsUKMd/x4re2zbYws CQ4+8hPRBzbk5j7DiRUEsYBoUrpTSoqcL4Guy3K7J7CD4Hj4C183lRoNOyEEWbR0 ApGqreYkm1jPjOzCJ8024BYnF+IbeyeuuzTuwFm2LbJmTFhG6XnSJLAYlN5+Dft5 8OTwZ0JqH7cQu6lJz4XJL20yCwTr7fhLHhgoYv7k5deP9mS6LD1f3xjPF4gOckEa Jq1LAIPTOMI7MIwtcZeko7krENq3no1R5rVBitfC+w5aegi25+DHG1MJfvx4Uj0o mK2SWfhJCFJka6KOWltPm5XQvSuHAtsW9xEIfyTpP+KJ3XnBW9TuBdL8y8UFTgs5 PTtgobeUQEOXDFA8cTuRZIfWtUb96vAsjcHO7JVK5lCMjK+N0jpVI0qNQJ/Fksc9 KK4Zi+zuyZq3SqyPhBCOlKs0CpA4yvqSooj8VS1HsDaa5CjzM+vHniRGuIfLmqTS FVUmd9i1IjN9XFT5vG1zGqaRB5TGr4/iYwYvO183KWDv3fVmjdbR1ZiojP8om+hV cFky6wlfYpxnxKDF8UOhAPrK2Kgoz4N7ZQIa0+XTHH3a3fI4LTY6PUTTSyCKX5fw TTCe36twHNVd8oq6jRJa/g+qO1R4INfUroEuxdWrEnqPUY+I0CE= =TaXB -----END PGP SIGNATURE-----
