Bug#857343: #857343: logback deserialization vulnerability

Markus Koschany apo at debian.org
Tue Mar 28 15:51:38 UTC 2017


Am 28.03.2017 um 10:54 schrieb Salvatore Bonaccorso:
[...]
> There apparently was a mistake on triaging CVE-2017-5929.
> 
> This should be:
> https://security-tracker.debian.org/tracker/CVE-2017-5929
> 
> I fixed the tracker entry and it should display the correct
> information on the next update.

Thank you. I am going to fix this bug in a few minutes. Do you think
this bug warrants a DSA or do you prefer that I get in contact with the
release team?

Regards,

Markus




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20170328/0e4cbf92/attachment.sig>


More information about the pkg-java-maintainers mailing list