Bug#857343: closed by Markus Koschany <apo at debian.org> (Bug#857343: fixed in logback 1:1.1.9-2)

Fabrice Dagorn fabrice at dagorn.fr
Wed Mar 29 06:11:29 UTC 2017


Thank you for your upload.

But i think that the issue is not completely solved, upstream made it in 
several commits (https://github.com/qos-ch/logback/commits/v_1.2.0).

The comment is not meaningful but this one is related to the 
vulnerability : 
https://github.com/qos-ch/logback/commit/979b042cb1f0b4c1e5869ccc8912e68c39f769f9

Fabrice Dagorn

Le 28/03/2017 à 18:09, Debian Bug Tracking System a écrit :
> This is an automatic notification regarding your Bug report
> which was filed against the liblogback-java package:
>
> #857343: logback: CVE-2017-5929: serialization vulnerability affecting the SocketServer and ServerSocketReceiver components
>
> It has been closed by Markus Koschany <apo at debian.org>.
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Markus Koschany <apo at debian.org> by
> replying to this email.
>
>



More information about the pkg-java-maintainers mailing list