Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

On Mon, Jan 31, 2022 at 01:18:49AM +0100, Emmanuel Bourg wrote: > Le 31/01/2022 à 00:47, Markus Koschany a écrit : > > > Thanks tony! I'm currently rebuilding all reverse-dependencies of log4j1.2. > > So > > far it looks like I was right and there is no package that actually requires > > one of t

Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

Le 31/01/2022 à 00:47, Markus Koschany a écrit : Thanks tony! I'm currently rebuilding all reverse-dependencies of log4j1.2. So far it looks like I was right and there is no package that actually requires one of the affected classes to build. None of the affected features are enabled by default

Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

Am Sonntag, dem 30.01.2022 um 15:20 -0800 schrieb tony mancill: > > Hi Markus, > > You might take some inspiration and/or patches from the reload4j > project. > >   https://reload4j.qos.ch/  > > I have been using it as drop-in replacement for the log4j 1.2.x jar for > applications at ${dayjob}

Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

On Sun, Jan 30, 2022 at 10:12:53PM +0100, Markus Koschany wrote: > On Fri, 28 Jan 2022 17:04:08 +0100 Christoph Anton Mitterer > wrote: > > Package: liblog4j1.2-java > > Version: 1.2.17-10 > > > > A number of holes was found in the 1.2 branch of log4j. > > > > The following is apparently critica

Bug#1004638: openjfx: FTBFS with ffmpeg 5.0

Source: openjfx Version: 11.0.11+0-1 Severity: important X-Debbugs-Cc: sramac...@debian.org Tags: sid bookworm ftbfs Usertags: ffmpeg5.0 openjfx FTBFS with ffmpeg 5.0 (available in experimental): | gcc -fPIC -Wformat -Wextra -Wformat-security -fstack-protector -Werror=implicit-function-declaratio

Bug#1004482: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

Control: owner -1 ! On Fri, 28 Jan 2022 17:04:08 +0100 Christoph Anton Mitterer wrote: > Package: liblog4j1.2-java > Version: 1.2.17-10 > Severity: grave > Tags: security upstream > Justification: user security hole > X-Debbugs-Cc: Debian Security Team > > Hey. > > A number of holes was found

Processed: Re: liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302

Processing control commands: > owner -1 ! Bug #1004482 [liblog4j1.2-java] liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 Owner recorded as Markus Koschany . -- 1004482: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482 Debian Bug Tracking System Contact ow...@bugs.debian

Bug#978172: Decide whether libphonenumber or its users should B-D against libboost dev packages

On Thu, Jan 21, 2021 at 10:30:32AM +0100, Laurent Bigonville wrote: > EDS builds fine again, now that libphonenumber has reintroduced the B-D > against libboost dev packages > > libphonenumber maintainer wants use to depend on boost dev package, let's > discuss that after bullseye release Hi Laur

Processed: closing 1003972

Processing commands for cont...@bugs.debian.org: > close 1003972 8.12.41-2 Bug #1003972 [libphonenumber-dev] libphonenumber: New upstream release - please update Marked as fixed in versions libphonenumber/8.12.41-2. Bug #1003972 [libphonenumber-dev] libphonenumber: New upstream release - please

Bug#1004554: ITP: libpdfbox-graphics2d-java -- Java library to embed graphics as vector drawing in a PDF

Package: wnpp Severity: wishlist Owner: Debian Java team X-Debbugs-Cc: debian-de...@lists.debian.org, pkg-java-maintain...@lists.alioth.debian.org * Package name: libpdfbox-graphics2d-java Version : 0.34 Upstream Author : Emmeran Seehuber * URL : https://github.com/ro