Le 17/04/2017 à 21:20, Salvatore Bonaccorso a écrit : > the following vulnerability was published for apache-log4j2. > > CVE-2017-5645[0]: > Apache Log4j socket receiver deserialization vulnerability
Hi Salvatore, The vulnerability has been fixed in unstable. liblog4j2-java isn't used in jessie, this CVE can be ignored there. Emmanuel Bourg __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
