Thank you for your upload.
But i think that the issue is not completely solved, upstream made it in
several commits (https://github.com/qos-ch/logback/commits/v_1.2.0).
The comment is not meaningful but this one is related to the
vulnerability :
https://github.com/qos-ch/logback/commit/979b042cb1f0b4c1e5869ccc8912e68c39f769f9
Fabrice Dagorn
Le 28/03/2017 à 18:09, Debian Bug Tracking System a écrit :
This is an automatic notification regarding your Bug report
which was filed against the liblogback-java package:
#857343: logback: CVE-2017-5929: serialization vulnerability affecting the
SocketServer and ServerSocketReceiver components
It has been closed by Markus Koschany <[email protected]>.
Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Markus Koschany
<[email protected]> by
replying to this email.
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
