On Tue, Mar 28, 2017 at 05:48:16PM +0200, Markus Koschany wrote: > Control: forcemerge 857343 858914 > > Am 28.03.2017 um 17:38 schrieb Guido Günther: > > Package: logback > > Severity: grave > > Tags: security > > > > Hi, > > > > the following vulnerability was published for logback. > > > > CVE-2017-5929[0]: > > | QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting > > | the SocketServer and ServerSocketReceiver components. > > [...] > > Hi Guido, > > this is a duplicate of #857343 which I am going to fix very soon.
Yeah, I noticed after filing it. Sorry for the noise and thanks for fixing it in sid. I've also added it to dla-needed Cheers, -- Guido __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
