CVE-2019-11065

Priority
Description
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download
dependencies when the built-in JavaScript or CoffeeScript Gradle plugins
are used. Dependency artifacts could have been maliciously compromised by a
MITM attack against the ajax.googleapis.com web site.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):not-affected (4.4.1-10)
Ubuntu 20.10 (Groovy Gorilla):not-affected (4.4.1-10)
Patches:
Upstream:https://github.com/gradle/gradle/commit/7ee79e7e41ec0d4cdb206dc849b2c5b7be7b1854
More Information

Updated: 2020-07-28 18:53:48 UTC (commit 7b6828437fde0509248708fcdb5b0f7587b85bd1)