Bug#1001478: apache-log4j2: CVE-2021-44228:: Remote code injection via crafted log messages
Markus Koschany
apo at debian.org
Sat Dec 11 18:57:01 GMT 2021
Am Samstag, dem 11.12.2021 um 10:52 -0800 schrieb tony mancill:
> On Fri, Dec 10, 2021 at 10:42:24PM +0100, Markus Koschany wrote:
> > Control: owner -1 !
> >
> > I am currently investigating the fix for CVE-2021-44228.
>
> Hi Markus,
>
> Thank you both for the quick turn-around on this and for claiming
> ownership of the bug in the BTS. I had started looking at the update
> and appreciate that we were able to avoid duplication of effort.
>
> Cheers,
> tony
Hi tony,
sure, anytime. The fix for Bullseye and Buster will be released shortly.
Cheers,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20211211/569c870d/attachment.sig>
More information about the pkg-java-maintainers
mailing list