Hi Fabrice,
Thank you for the report. Do you know if there is a CVE ID assigned to
this vulnerability?
Emmanuel Bourg
CVE-2015-6420 is for Apache Commons, but this is the same issue.
Le 10/03/2017 à 10:15, Emmanuel Bourg a écrit :
Hi Fabrice,
Thank you for the report. Do you know if there is a CVE ID assigned to
this vulnerability?
Emmanuel Bourg
Package: liblogback-java
Version: 1:1.1.2-1
Severity: important
Tags: upstream patch
Dear Maintainer,
logback versions in wheezy, jessie and stretch are vulnerable to a
deserialization issue.
Logback would try to deserialize data from a socket, but it can't be trusted.
Upstream mitigates this
3 matches
Mail list logo