Control: owner -1 ! Am Samstag, dem 18.12.2021 um 14:37 +0100 schrieb Salvatore Bonaccorso: > Source: apache-log4j2 > Version: 2.16.0-1 > Severity: grave > Tags: security upstream > Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230 > X-Debbugs-Cc: car...@debian.org, Debian Security Team > <t...@security.debian.org> > Control: found -1 2.16.0-1~deb11u1 > Control: found -1 2.16.0-1~deb10u1 > > Hi, > > The following vulnerability was published for apache-log4j2, again > less stronger impact. > > CVE-2021-45105[0]: > > Certain strings can cause infinite recursion > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Thanks for the report. I hope we are not going to see a new log4j CVE every week now... I can prepare the security update for Buster and Bullseye again. Regards, Markus
signature.asc
Description: This is a digitally signed message part
__ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
