Bug#1057423: logback: CVE-2023-6378
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 4 19:57:52 GMT 2023
Source: logback
Version: 1:1.2.11-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 1:1.2.11-3
Hi,
The following vulnerability was published for logback.
CVE-2023-6378[0]:
| A serialization vulnerability in logback receiver component part of
| logback version 1.4.11 allows an attacker to mount a Denial-Of-
| Service attack by sending poisoned data.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-6378
https://www.cve.org/CVERecord?id=CVE-2023-6378
[1] https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list