Bug#858914: CVE-2017-5929: serialization vulnerability in SocketServer and ServerSocketReceiver

Guido Günther agx at sigxcpu.org
Wed Mar 29 05:53:46 UTC 2017


On Tue, Mar 28, 2017 at 05:48:16PM +0200, Markus Koschany wrote:
> Control: forcemerge 857343 858914
> 
> On 28.03.2017 at 17:38, Guido Günther wrote:
> > Package: logback
> > Severity: grave
> > Tags: security
> > 
> > Hi,
> > 
> > the following vulnerability was published for logback.
> > 
> > CVE-2017-5929[0]:
> > | QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting
> > | the SocketServer and ServerSocketReceiver components.
> 
> [...]
> 
> Hi Guido,
> 
> this is a duplicate of #857343 which I am going to fix very soon.

Yeah, I noticed after filing it. Sorry for the noise and thanks for
fixing it in sid. I've also added it to dla-needed.
Cheers,
 -- Guido



More information about the pkg-java-maintainers mailing list