Bug#857343: liblogback-java: logback < 1.2.0 has a vulnerability in SocketServer and ServerSocketReceiver

2017-03-10 Thread Emmanuel Bourg
Hi Fabrice,

Thank you for the report. Do you know if there is a CVE ID assigned to this vulnerability?

Emmanuel Bourg

Bug#857343: liblogback-java: logback < 1.2.0 has a vulnerability in SocketServer and ServerSocketReceiver

2017-03-10 Thread Fabrice Dagorn
CVE-2015-6420 is for Apache Commons, but this is the same issue.

On 10/03/2017 at 10:15, Emmanuel Bourg wrote:
> Hi Fabrice,
>
> Thank you for the report. Do you know if there is a CVE ID assigned to this vulnerability?
>
> Emmanuel Bourg

Bug#857343: liblogback-java: logback < 1.2.0 has a vulnerability in SocketServer and ServerSocketReceiver

2017-03-10 Thread Fabrice Dagorn
Package: liblogback-java
Version: 1:1.1.2-1
Severity: important
Tags: upstream patch

Dear Maintainer,

logback versions in wheezy, jessie and stretch are vulnerable to a deserialization issue. Logback would try to deserialize data from a socket, but it can't be trusted. Upstream mitigates this