Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302
Christoph Anton Mitterer
calestyo at scientia.org
Mon Nov 28 18:13:40 GMT 2022
Hey.
I've just installed this again on some node, and for some reason apt-
listbugs still shows it as open:
# aptitude
Performing actions...
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
grave bugs of liblog4j1.2-java (→ 1.2.17-10+deb11u1) <Resolved in some Version>
b1 - #1004482 - liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 (Fixed: apache-log4j1.2/1.2.17-11)
Summary:
liblog4j1.2-java(1 bug)
Are you sure you want to install/upgrade the above packages? [Y/n/?/...]
But that's the one now installed:
liblog4j1.2-java 1.2.17-10+deb11u1
which, AFAIU should contain the fixes, right?
Does it need a:
Control: fixed -1 1.2.17-10+deb11u1
?
Cheers,
Chris.
More information about the pkg-java-maintainers
mailing list