Source: apache-log4j2 Version: 2.16.0-1 Severity: grave Tags: security upstream Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 2.16.0-1~deb11u1 Control: found -1 2.16.0-1~deb10u1
Hi, The following vulnerability was published for apache-log4j2, again less stronger impact. CVE-2021-45105[0]: | Certain strings can cause infinite recursion If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-45105 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 [1] https://issues.apache.org/jira/browse/LOG4J2-3230 [2] https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105 Regards, Salvatore __ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
