Bug#857343: Pending fixes for bugs in the logback package

pkg-java-maintainers at lists.alioth.debian.org
Fri Apr 7 22:16:20 UTC 2017


tag 857343 + pending
thanks

Some bugs in the logback package are closed in revision
febe22ba76de74fbf5238b5f245dcb3fcf151d0d in branch 'wheezy' by
Markus Koschany.

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/logback.git/commit/?id=febe22b

Commit message:

    Import Debian changes 1:1.0.4-1+deb7u1
    
    logback (1:1.0.4-1+deb7u1) wheezy-security; urgency=high
    
      * Team upload.
      * Fix CVE-2017-5929:
        It was discovered that logback, a flexible logging library for Java, would
        deserialize data from untrusted sockets. This issue has been resolved by
        adding a whitelist to use only trusted classes. (Closes: #857343)
    
    logback (1:1.0.4-1) unstable; urgency=low
    
      * New upstream release.
      * d/control: Update Standards-Version to 3.9.3: no changes needed.
      * d/copyright: Upgrade to copyright-format 1.0.


