Bug#860489: apache-log4j2: CVE-2017-5645: socket receiver deserialization vulnerability
Emmanuel Bourg
ebourg at apache.org
Tue Apr 18 13:49:58 UTC 2017
Le 17/04/2017 à 21:20, Salvatore Bonaccorso a écrit :
> the following vulnerability was published for apache-log4j2.
>
> CVE-2017-5645[0]:
> Apache Log4j socket receiver deserialization vulnerability
Hi Salvatore,
The vulnerability has been fixed in unstable. liblog4j2-java isn't used
in jessie, this CVE can be ignored there.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list