tag 857343 + pending thanks Some bugs in the logback package are closed in revision febe22ba76de74fbf5238b5f245dcb3fcf151d0d in branch ' wheezy' by Markus Koschany
The full diff can be seen at https://anonscm.debian.org/cgit/pkg-java/logback.git/commit/?id=febe22b Commit message: Import Debian changes 1:1.0.4-1+deb7u1 logback (1:1.0.4-1+deb7u1) wheezy-security; urgency=high * Team upload. * Fix CVE-2017-5929: It was discovered that logback, a flexible logging library for Java, would deserialize data from untrusted sockets. This issue has been resolved by adding a whitelist to use only trusted classes. (Closes: #857343) logback (1:1.0.4-1) unstable; urgency=low * New upstream release. * d/control: Update Standards-Version to 3.9.3: no changes needed. * d/copyright: Upgrade to copyright-format 1.0.