[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-17571 as EOL in Jessie LTS, adding reference in src:debian-security-support.

Chris Lamb lamby at debian.org
Sat Dec 28 14:40:06 GMT 2019 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1ca10d0 by Chris Lamb at 2019-12-28T14:39:53Z
Mark CVE-2019-17571 as EOL in Jessie LTS, adding reference in src:debian-security-support.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13849,6 +13849,7 @@ CVE-2019-17572
 	RESERVED
 CVE-2019-17571 (Included in Log4j 1.2 is a SocketServer class that is vulnerable to de ...)
 	- apache-log4j1.2 <unfixed> (bug #947124)
+	[jessie] - apache-log4j1.2 <end-of-life> (https://salsa.debian.org/debian/debian-security-support/commit/4acf9529dc88fddf60bfa56bb464f9aac703797d)
 	NOTE: https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E
 	NOTE: CVE-2019-17571 correspond to CVE-2017-5645 for apache-log4j2. 1.2.x branch
 	NOTE: is end-of-life upstream and does not recieve a fix for this issue. Users


=====================================
data/dla-needed.txt
=====================================
@@ -15,10 +15,6 @@ ansible
   NOTE: CVE-2019-14846 should be an easy fix.
   NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102)
 --
-apache-log4j1.2 (Chris Lamb)
-  NOTE: 20191221: Someone with more Java knowledge, please consider eol'ing this package
-  NOTE: 20191221: as recommended for oldstable by the secteam. (sunweaver)
---
 clamav (Hugo Lefeuvre)
   NOTE: 20191227: waiting for 0.102.1 to enter stretch/buster.
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1ca10d0bca216b2949513be984450dc18210770

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1ca10d0bca216b2949513be984450dc18210770
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191228/86335e74/attachment.html>

More information about the debian-security-tracker-commits mailing list