Bug#1001729: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations

2021-12-14 Thread Salvatore Bonaccorso
Hi Markus, On Tue, Dec 14, 2021 at 11:45:20PM +0100, Markus Koschany wrote: > Control: owner -1 ! > > Am Dienstag, dem 14.12.2021 um 21:37 +0100 schrieb Salvatore Bonaccorso: > > Source: apache-log4j2 > > Version: 2.15.0-1 > > Severity: grave > > Tags: security upstream > > Justification: user

Bug#1001729: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations

2021-12-14 Thread Markus Koschany
Control: owner -1 ! Am Dienstag, dem 14.12.2021 um 21:37 +0100 schrieb Salvatore Bonaccorso: > Source: apache-log4j2 > Version: 2.15.0-1 > Severity: grave > Tags: security upstream > Justification: user security hole > Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3221 > X-Debbugs-Cc:

Bug#1001729: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations

2021-12-14 Thread Salvatore Bonaccorso
Source: apache-log4j2 Version: 2.15.0-1 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3221 X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 2.15.0-1~deb11u1 Control: found -1