Your message dated Sun, 11 Apr 2021 19:10:13 +0000
with message-id <[email protected]>
and subject line Bug#977468: fixed in log4net 1.2.10+dfsg-8
has caused the Debian Bug report #977468,
regarding CVE-2018-1285
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
977468: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977468
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: log4net
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
Please see https://issues.apache.org/jira/browse/LOG4NET-575
Patch:
https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: log4net
Source-Version: 1.2.10+dfsg-8
Done: Mirco Bauer <[email protected]>
We believe that the bug you reported is fixed in the latest version of
log4net, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mirco Bauer <[email protected]> (supplier of updated log4net package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 11 Apr 2021 20:36:21 +0800
Source: log4net
Architecture: source
Version: 1.2.10+dfsg-8
Distribution: unstable
Urgency: medium
Maintainer: Debian CLI Libraries Team
<[email protected]>
Changed-By: Mirco Bauer <[email protected]>
Closes: 977468
Changes:
log4net (1.2.10+dfsg-8) unstable; urgency=medium
.
* fix CVE-2018-1285: XXE vulnerability in config parsing (closes: #977468)
* Ignore quilt dir
Checksums-Sha1:
e90b09fc403de85efcef411f4ca5bba0d697acaa 2182 log4net_1.2.10+dfsg-8.dsc
e7902d8db9e265948bb9277cd38de32966223422 7852
log4net_1.2.10+dfsg-8.debian.tar.xz
9831ef88868b5666bab1b790fc4a45b87ba36496 5468
log4net_1.2.10+dfsg-8_source.buildinfo
Checksums-Sha256:
68ecb51abf2cc8ba9a06742366b62f09a4b7f6933eed1aaf5c0fc1fb04eb8348 2182
log4net_1.2.10+dfsg-8.dsc
95c31d9c284c035aaa6922b45bd7a1c0d3f57ee18c78af82e4976a491245cefb 7852
log4net_1.2.10+dfsg-8.debian.tar.xz
f91bb3d5d3d00f3454f34b520fd2f97a7039ce5f6d75dd7f09907893ce5a1021 5468
log4net_1.2.10+dfsg-8_source.buildinfo
Files:
7458644a3041d8ee3930b61c194deaec 2182 libs optional log4net_1.2.10+dfsg-8.dsc
f478c7fc3dd04f125c6a9ca53058dd99 7852 libs optional
log4net_1.2.10+dfsg-8.debian.tar.xz
57c4d45d2e0abf9054af6ee52603bb52 5468 libs optional
log4net_1.2.10+dfsg-8_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAmBzRCAACgkQXBPW25MF
LgPfHg//XsYN49bHV6vbUNTU1cJrvFCsZkpvUxaCQVjLBFumkDn4GVstYWWdLNrq
afLfzQJ/CFCIaaeWBlOBS25WJwnI9/o7+LhuGTliniMl5VDmHZtd5bwpgutXf246
bq0uu+g+gge/Q6hHRelaDsjI3/jRp7Bseprquvkoss5I+W6xKVSDO4clTOo9ZCoL
4K5RfChXah3V0pOWHUilhGoPWBUr+A7bc4cS70P5HecYowWeZp6t2HwidWfB52so
xFc5XH4rW4POCOy9MHdth1WPiVc5B3WoGpdRN4gwsVwPQ5Luhu3paEtG8PiMUhBN
DoElmqTXg5gbnjHFort2jqqy9X2Nij6wVRf1nn1YboXyT607wVxJzUxvIBVqHADZ
FA9tar1C7Ec8DfZWN64HN6x9rM3Cmzrrv60YSiUhfcudRNuPk1JGPj717N/OV30X
kwI74lgoZc5M3ToMY97dQn2f3gUPwHSANOIOq0vqWynfVOjU95cLZFQO/a23Z+/q
HWet5KfQyZp0D4wJuSxiqgTJIRXhYC5liRkAXq0p+IX4kuRnFR3pD2cgpdX2WZr2
k9Zq1Xi6A3YpqhZOlRRfCo/INqe37f5RZp+9qcQc6/ID3V0r/tB+L7YQwqMPmAJf
UmYQg0S9UMTvqGW5Jbe7oIanVWl7z7qUGwfmLYiX/zMUBAIYoGE=
=pHHT
-----END PGP SIGNATURE-----
--- End Message ---
