Source: apache-log4j2 Version: 2.0~beta9-1 Severity: grave Tags: security upstream Forwarded: https://issues.apache.org/jira/browse/LOG4J2-1863
Hi, the following vulnerability was published for apache-log4j2. CVE-2017-5645[0]: Apache Log4j socket receiver deserialization vulnerability If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. This one might warrant a DSA, but please check back with t...@security.debian.org . For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-5645 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645 [1] https://issues.apache.org/jira/browse/LOG4J2-1863 Regards, Salvatore