https://bugs.kde.org/show_bug.cgi?id=449822
Bug ID: 449822
Summary: Vurnability to CVE-2021-44228 in Apache Log4j
framework
Product: kdenlive
Version: 21.04.3
Platform: Microsoft Windows
OS: Microsoft Windows
Status: REPORTED
Severity: normal
Priority: NOR
Component: Installation
Assignee: vpi...@kde.org
Reporter: danny.zwa...@kronoberg.se
Target Milestone: ---
SUMMARY
I work for the regional government "Region Kronoberg" (www.kronoberg.se) and in
our healthcare organisation we your program KDenlive version 21.04.3 .
Recently it became known that there is a vulnerability in the framework for
JAVA called Apache Log4j.
JAVA. Log4J is a log management framework that can be used in JAVA.
We now examining all systems and software used in our organisation to see if
these systems / software use Log4j.
I would appriciate if the following questions can be answered:
- Does your product Kdenlive version 21.04.3 contain the Log4J framework?
- Is your product vulnerable to CVE-2021-44228? More information is available
at: NVD - CVE-2021-44228 (nist.gov)
If the answer on one of these questions is "Yes" answer even the following
questions:
- how do you intend to deal with the vulnerability?
- How should we act as a user?
- If there is no resolution availble at this moment WHEN is will a resolution
be released and WHAT do you suggest we do in the meantime?
Since this is a serious vulnerability I hope to get an answer very soon.
With kind regards,
Danny Zwaard
SOFTWARE/OS VERSIONS
Windows: 10 (Version 10.0.18363.2037)
--
You are receiving this mail because:
You are watching all bug changes.
