Re: Security issue in groovy<2.5.0

To: Thorsten Glaser <t.glaser@tarent.de>
Cc: Emmanuel Bourg <ebourg@apache.org>, debian-java@lists.debian.org
Subject: Re: Security issue in groovy<2.5.0
From: Felix Natter <fnatter@gmx.net>
Date: Mon, 28 Aug 2017 19:03:39 +0200
Message-id: <[🔎] 87tw0rtyj8.fsf@bitburger.home.felix>
In-reply-to: <[🔎] alpine.DEB.2.20.1708270043190.20601@tglase.lan.tarent.de> (Thorsten Glaser's message of "Sun, 27 Aug 2017 00:43:58 +0200 (CEST)")
References: <[🔎] 87valmm50y.fsf@bitburger.home.felix> <[🔎] d6318a67-aeec-5ef8-de12-d20cccc361d1@apache.org> <[🔎] 87h8wuux0t.fsf@bitburger.home.felix> <[🔎] 0ebe9b8d-3152-5ac0-13e6-f0d173ac2415@apache.org> <[🔎] 87lgm6qktp.fsf@bitburger.home.felix> <[🔎] 874lsup4gv.fsf@bitburger.home.felix> <[🔎] alpine.DEB.2.20.1708270043190.20601@tglase.lan.tarent.de>

Thorsten Glaser <t.glaser@tarent.de> writes:

> On Sat, 26 Aug 2017, Felix Natter wrote:

hi Thorsten,

>> OTOH, this is for Debian unstable/testing...
>
> Debian unstable is where you upload things to that you expect
> to be part of the next Debian stable, and thus in an appropriate
> shape; it might make sense for experimental though?

This post is about considering to patch groovy-2.4 to fix a sandbox
escape in that version, which the groovy people did not want to patch in
2.4.x, but it will be part of 2.5.x.

I meant that we might consider using the patch on Debian
testing/unstable, because unlike upstream groovy 2.4.x it won't be used
in a stable environment soon (i.e. until 2.5.0 is released). Of course,
this might neglect Ubuntu releases.

Best Regards,
-- 
Felix Natter
debian/rules!

Reply to:

References:
- Security issue in groovy<2.5.0
  - From: Felix Natter <fnatter@gmx.net>
- Re: Security issue in groovy<2.5.0
  - From: Emmanuel Bourg <ebourg@apache.org>
- Re: Security issue in groovy<2.5.0
  - From: Felix Natter <fnatter@gmx.net>
- Re: Security issue in groovy<2.5.0
  - From: Emmanuel Bourg <ebourg@apache.org>
- Re: Security issue in groovy<2.5.0
  - From: Felix Natter <fnatter@gmx.net>
- Re: Security issue in groovy<2.5.0
  - From: Felix Natter <fnatter@gmx.net>
- Re: Security issue in groovy<2.5.0
  - From: Thorsten Glaser <t.glaser@tarent.de>

Prev by Date: VAT Consultants - Level Financials
Next by Date: Re: Why dependency on both default-jre and java<N>-runtime
Previous by thread: Re: Security issue in groovy<2.5.0
Next by thread: freeplane auto removal
Index(es):
- Date
- Thread