Candidate: CVE-2015-3253
PublicDate: 2015-08-13 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
 http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html
 http://groovy-lang.org/security.html
Description:
 The MethodClosure class in runtime/MethodClosure.java in Apache Groovy
 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or
 cause a denial of service via a crafted serialized object.
Ubuntu-Description:
Notes:
 ebarretto> groovy in Xenial is currently FTBFS. Also there's no more support
 ebarretto> from upstream to that version (1.8.6)
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793397
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793398
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_groovy:
upstream_groovy: released (2.4.3)
precise_groovy: ignored (reached end-of-life)
precise/esm_groovy: DNE (precise was needed)
trusty_groovy: ignored (reached end-of-life)
trusty/esm_groovy: DNE (trusty was needed)
vivid_groovy: ignored (reached end-of-life)
vivid/stable-phone-overlay_groovy: DNE
vivid/ubuntu-core_groovy: DNE
wily_groovy: ignored (reached end-of-life)
xenial_groovy: ignored (end of standard support, was needed)
yakkety_groovy: ignored (reached end-of-life)
zesty_groovy: ignored (reached end-of-life)
artful_groovy: ignored (reached end-of-life)
bionic_groovy: not-affected (2.4.15-1ubuntu1)
cosmic_groovy: not-affected (2.4.15-1ubuntu1)
disco_groovy: not-affected (2.4.15-1ubuntu1)
eoan_groovy: not-affected (2.4.15-1ubuntu1)
focal_groovy: not-affected (2.4.15-1ubuntu1)
groovy_groovy: not-affected (2.4.15-1ubuntu1)
hirsute_groovy: not-affected (2.4.15-1ubuntu1)
impish_groovy: not-affected (2.4.15-1ubuntu1)
jammy_groovy: not-affected (2.4.15-1ubuntu1)
devel_groovy: not-affected (2.4.15-1ubuntu1)

Patches_groovy2:
upstream_groovy2: released (2.2.2+dfsg-5)
precise_groovy2: DNE
precise/esm_groovy2: DNE
trusty_groovy2: DNE
trusty/esm_groovy2: DNE
vivid_groovy2: ignored (reached end-of-life)
vivid/stable-phone-overlay_groovy2: DNE
vivid/ubuntu-core_groovy2: DNE
wily_groovy2: ignored (reached end-of-life)
xenial_groovy2: not-affected (2.5.4-1)
yakkety_groovy2: DNE
zesty_groovy2: DNE
artful_groovy2: DNE
bionic_groovy2: DNE
cosmic_groovy2: DNE
disco_groovy2: DNE
eoan_groovy2: DNE
focal_groovy2: DNE
groovy_groovy2: DNE
hirsute_groovy2: DNE
impish_groovy2: DNE
jammy_groovy2: DNE
devel_groovy2: DNE