You could also attach the POC to this bug report. The vulnerability is
publicly known by now anyway.
Markus
__
This is the maintainer address of Debian's Java team
On 31.03.2017 at 08:10, Fabrice Dagorn wrote:
> Hi,
> I have made a quick and dirty POC for this issue.
> This results in a remote code execution in the JVM that exposes a
> ServerSocketReceiver.
>
> Unfortunately, logback 1:1.1.9-2 is still vulnerable, not 1.2.x.
>
> The POC is available on
Hi,
On Thu, Mar 30, 2017 at 03:00:49PM +0200, Emmanuel Bourg wrote:
> I agree, BrowserLauncher was interesting before Java 6, but the Desktop
> API is good enough for most usages now.
Thanks to Ole's patch to jmodeltest which was uploaded some hours ago
I'd be even fine to remove BrowserLauncher
Hi,
I have made a quick and dirty POC for this issue.
This results in a remote code execution in the JVM that exposes a
ServerSocketReceiver.
Unfortunately, logback 1:1.1.9-2 is still vulnerable, not 1.2.x.
The POC is available on demand.
Regards,
Fabrice Dagorn