-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : logback Version : 1:1.0.4-1+deb7u1 CVE ID : CVE-2017-5929 Debian Bug : 857343
It was discovered that logback, a flexible logging library for Java, would deserialize data from untrusted sockets which may lead to the execution of arbitrary code. This issue has been resolved by adding a whitelist to use only trusted classes. For Debian 7 "Wheezy", these problems have been fixed in version 1:1.0.4-1+deb7u1. We recommend that you upgrade your logback packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAljoDr9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTeSg//UMPFNLuKlU4rZ1HI5l//U8tgza7w1Os54Wx8phtil+Hny0vVOYicOUZN nhnckpF9DwIcOkf35AAf7+7RE9+AFFOMJttsUI1xQy+hzfQHK9kJDq1JGZPB8l7s nJBAfB6PNx869CF9XEsc5rFwuMqYtiCbW+6IJgrUQs61zBHRTApRAjPGvaUAZ3T/ tDURQT5YekSY6I21fepl8sIeTE5IxAJm7PYOnpuIQ9+TLBZBaFYmKJdMrjWHbq5P l/rVTsniGEXd8O+8F7OQVnGci9RbIJeELDjTBi+OCfcF8HAtI6MUsE3cZqGXD8+n 769pSgjTAsxkczQjjle8KhXBwUnPvz/2lFeWi7wJ7puusWraQ8Qvtq6iJLOIGntg K3viXnmGTQ0U6SYE4pKZ5z4SOCWWDtwixKFwoOPT06i2S6Uorjx6esoPTiLj1k+b 2Wcm180dqiF71qMkjmTzNmgoItzW1Es8bkNkPZZ8hv8aRUOQkmsy31/TBCIWKaie XUf77S3Z/Q+uc9b+fgsFZgFBNzT468FlBpDiG3cWGmZax0oN7s8hZVcUqmiYTZ2v ItCxkeBVu7QVBEpWUtTSMP4Ln5FPIxO3UtMUU0H6V0VAw5Rx6U7QxNk3oS5uWpn2 EJzVEotQCkC2Khd02bXVQThGAR9kG+9IZjE0+7G/0QombqyMRIE= =awwu -----END PGP SIGNATURE-----
