Bug#857343: Pending fixes for bugs in the logback package
pkg-java-maintainers at lists.alioth.debian.org
pkg-java-maintainers at lists.alioth.debian.org
Fri Apr 7 14:27:32 UTC 2017
tag 857343 + pending
thanks
Some bugs in the logback package are closed in revision
d88f6cd125cb5e9f7965f29b27ec05b5239ca40b in branch ' jessie' by
Markus Koschany
The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/logback.git/commit/?id=d88f6cd
Commit message:
Import Debian changes 1:1.1.2-1+deb8u1
logback (1:1.1.2-1+deb8u1) jessie; urgency=high
* Team upload.
* Fix CVE-2017-5929:
It was discovered that logback, a flexible logging library for Java, would
deserialize data from untrusted sockets. This issue has been resolved by
adding a whitelist to use only trusted classes. (Closes: #857343)
More information about the pkg-java-maintainers
mailing list