Control: owner -1 ! On Fri, 28 Jan 2022 17:04:08 +0100 Christoph Anton Mitterer <cales...@scientia.org> wrote: > Package: liblog4j1.2-java > Version: 1.2.17-10 > Severity: grave > Tags: security upstream > Justification: user security hole > X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> > > Hey. > > A number of holes was found in the 1.2 branch of log4j. > > The following is apparently critical (code injection): > https://www.cvedetails.com/cve/CVE-2022-23307/ > > https://www.cvedetails.com/cve/CVE-2022-23305/ > https://www.cvedetails.com/cve/CVE-2022-23302/
I intend to address these issues shortly. I believe we can just remove the affected classes because they are not used by our dependencies but I need to double-check that. Markus
signature.asc
Description: This is a digitally signed message part
__ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
