Bug#857343: closed by Markus Koschany <apo at debian.org> (Bug#857343: fixed in logback 1:1.1.9-2)
Markus Koschany
apo at debian.org
Wed Mar 29 09:33:56 UTC 2017
Control: reopen -1
Am 29.03.2017 um 08:11 schrieb Fabrice Dagorn:
> Thank you for your upload.
>
> But i think that the issue is not completely solved, upstream made it in
> several commits (https://github.com/qos-ch/logback/commits/v_1.2.0).
>
> The comment is not meaningful but this one is related to the
> vulnerability :
> https://github.com/qos-ch/logback/commit/979b042cb1f0b4c1e5869ccc8912e68c39f769f9
Hi,
I am not sure because they have also included a lot of cosmetic changes
but there might be even more relevant commits hence I have asked for a
clarification from upstream. [1]
I keep this bug report open until we know more about it.
Regards,
Markus
[1] http://mailman.qos.ch/pipermail/logback-user/2017-March/004875.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20170329/af526e4a/attachment.sig>
More information about the pkg-java-maintainers
mailing list