[Bugs] [Bug 13526] New: [CVE 21] groovy 2.4.8 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13526

          Platform: 2021.1
            Bug ID: 13526
           Summary: [CVE 21] groovy 2.4.8  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2020-17521,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: e.kosachev на rosalinux.ru, s.matveev на rosalinux.ru,
                    y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package groovy version 2.4.8

INFO (CVEs are): groovy 2.4.8
 cves found
CVE-2020-17521
Desc: Apache Groovy provides extension methods to aid with creating temporary
directories. Prior to this fix, Groovy's implementation of those extension
methods was using a now superseded Java JDK method call that is potentially not
secure on some operating systems in some contexts. Users not using the
extension methods mentioned in the advisory are not affected, but may wish to
read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0
to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14,
3.0.7, 4.0.0-alpha-2.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-17521
Severity: MEDIUM

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230823/37bc29dc/attachment.html>