Bug#851408: CVE-2016-6814

2017-01-15 Thread Emmanuel Bourg
On 14/01/2017 at 16:59, Moritz Muehlenhoff wrote:
> Source: groovy
> Severity: grave
> Tags: security
> 
> Hi,
> please see http://seclists.org/oss-sec/2017/q1/92
> 
> Cheers,
> Moritz

Hi Moritz,

Thank you for the info. Note that Groovy isn't to blame for this kind of
serialization issue, the real issue is applications relying on
serialization and not sanitizing the input data (i.e. applications
should whitelist the classes allowed to be deserialized, it's impossible
to use Java serialization securely otherwise).

Emmanuel Bourg

__
This is the maintainer address of Debian's Java team. Please use
debian-j...@lists.debian.org for discussions and questions.


Bug#851408: CVE-2016-6814

2017-01-14 Thread Moritz Muehlenhoff
Source: groovy
Severity: grave
Tags: security

Hi,
please see http://seclists.org/oss-sec/2017/q1/92

Cheers,
Moritz
