On Tue, Mar 28, 2017 at 05:48:16PM +0200, Markus Koschany wrote:
> Control: forcemerge 857343 858914
>
> Am 28.03.2017 um 17:38 schrieb Guido Günther:
> > Package: logback
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > the following vulnerability was published for logback.
> >
> >
Control: forcemerge 857343 858914
Am 28.03.2017 um 17:38 schrieb Guido Günther:
> Package: logback
> Severity: grave
> Tags: security
>
> Hi,
>
> the following vulnerability was published for logback.
>
> CVE-2017-5929[0]:
> | QOS.ch Logback before 1.2.0 has a serialization vulnerability
Processing control commands:
> forcemerge 857343 858914
Bug #857343 [liblogback-java] logback: CVE-2017-5929: serialization
vulnerability affecting the SocketServer and ServerSocketReceiver components
Unable to merge bugs because:
package of #858914 is 'logback' not 'liblogback-java'
Failed to
Package: logback
Severity: grave
Tags: security
Hi,
the following vulnerability was published for logback.
CVE-2017-5929[0]:
| QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting
| the SocketServer and ServerSocketReceiver components.
If you fix the vulnerability please
4 matches
Mail list logo