[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-17571 as EOL in Jessie LTS, adding reference in src:debian-security-support.

Sat, 28 Dec 2019 06:40:24 -0800 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1ca10d0 by Chris Lamb at 2019-12-28T14:39:53Z
Mark CVE-2019-17571 as EOL in Jessie LTS, adding reference in 
src:debian-security-support.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13849,6 +13849,7 @@ CVE-2019-17572
        RESERVED
 CVE-2019-17571 (Included in Log4j 1.2 is a SocketServer class that is 
vulnerable to de ...)
        - apache-log4j1.2 <unfixed> (bug #947124)
+       [jessie] - apache-log4j1.2 <end-of-life> 
(https://salsa.debian.org/debian/debian-security-support/commit/4acf9529dc88fddf60bfa56bb464f9aac703797d)
        NOTE: 
https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E
        NOTE: CVE-2019-17571 correspond to CVE-2017-5645 for apache-log4j2. 
1.2.x branch
        NOTE: is end-of-life upstream and does not recieve a fix for this 
issue. Users


=====================================
data/dla-needed.txt
=====================================
@@ -15,10 +15,6 @@ ansible
   NOTE: CVE-2019-14846 should be an easy fix.
   NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. 
(utkarsh2102)
 --
-apache-log4j1.2 (Chris Lamb)
-  NOTE: 20191221: Someone with more Java knowledge, please consider eol'ing 
this package
-  NOTE: 20191221: as recommended for oldstable by the secteam. (sunweaver)
---
 clamav (Hugo Lefeuvre)
   NOTE: 20191227: waiting for 0.102.1 to enter stretch/buster.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1ca10d0bca216b2949513be984450dc18210770

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1ca10d0bca216b2949513be984450dc18210770
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to