Bug#1001891: apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursion

Markus Koschany apo at debian.org
Sat Dec 18 14:30:16 GMT 2021


Control: owner -1 !

On Saturday, 18.12.2021 at 14:37 +0100, Salvatore Bonaccorso wrote:
> Source: apache-log4j2
> Version: 2.16.0-1
> Severity: grave
> Tags: security upstream
> Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230
> X-Debbugs-Cc: carnil at debian.org, Debian Security Team
> <team at security.debian.org>
> Control: found -1 2.16.0-1~deb11u1
> Control: found -1 2.16.0-1~deb10u1
> 
> Hi,
> 
> The following vulnerability was published for apache-log4j2, again
> with less strong impact.
> 
> CVE-2021-45105[0]:
> > Certain strings can cause infinite recursion
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Thanks for the report. I hope we are not going to see a new log4j CVE every
week now...

I can prepare the security update for Buster and Bullseye again.

Regards,

Markus