Control: owner -1 !

On Fri, 28 Jan 2022 17:04:08 +0100 Christoph Anton Mitterer <[email protected]> wrote:
> Package: liblog4j1.2-java
> Version: 1.2.17-10
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: Debian Security Team <[email protected]>
>
> Hey.
>
> A number of holes was found in the 1.2 branch of log4j.
>
> The following is apparently critical (code injection):
> https://www.cvedetails.com/cve/CVE-2022-23307/
>
> https://www.cvedetails.com/cve/CVE-2022-23305/
> https://www.cvedetails.com/cve/CVE-2022-23302/

I intend to address these issues shortly. I believe we can just remove the affected classes because they are not used by our dependencies but I need to double-check that.

Markus
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use [email protected] for discussions and questions.
