Bug#857343: #857343: logback deserialization vulnerability
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 28 18:02:00 UTC 2017

Hi Markus,

On Tue, Mar 28, 2017 at 05:51:38PM +0200, Markus Koschany wrote:
> On 28.03.2017 at 10:54, Salvatore Bonaccorso wrote:
> [...]
> > There apparently was a mistake on triaging CVE-2017-5929.
> >
> > This should be:
> > https://security-tracker.debian.org/tracker/CVE-2017-5929
> >
> > I fixed the tracker entry and it should display the correct
> > information on the next update.
>
> Thank you. I am going to fix this bug in a few minutes. Do you think
> this bug warrants a DSA or do you prefer that I get in contact with the
> release team?

So, it should not be necessary to release a DSA for it. Can you please
update logback via an upcoming point release?

Thanks again, and regards,
Salvatore