Bug#857343: #857343: logback deserialization vulnerability

2017-03-28 Thread Markus Koschany
On 28.03.2017 at 20:02, Salvatore Bonaccorso wrote: > Hi Markus, > > On Tue, Mar 28, 2017 at 05:51:38PM +0200, Markus Koschany wrote: >> On 28.03.2017 at 10:54, Salvatore Bonaccorso wrote: [...] >> Thank you. I am going to fix this bug in a few minutes. Do you think >> this bug warrants a DSA or

Bug#857343: #857343: logback deserialization vulnerability

2017-03-28 Thread Salvatore Bonaccorso
Hi Markus, On Tue, Mar 28, 2017 at 05:51:38PM +0200, Markus Koschany wrote: > On 28.03.2017 at 10:54, Salvatore Bonaccorso wrote: > [...] > > There apparently was a mistake on triaging CVE-2017-5929. > > > > This should be: > > https://security-tracker.debian.org/tracker/CVE-2017-5929 > > > > I

Bug#857343: #857343: logback deserialization vulnerability

2017-03-28 Thread Markus Koschany
On 28.03.2017 at 10:54, Salvatore Bonaccorso wrote: [...] > There apparently was a mistake on triaging CVE-2017-5929. > > This should be: > https://security-tracker.debian.org/tracker/CVE-2017-5929 > > I fixed the tracker entry and it should display the correct > information on the next update.

Bug#857343: #857343: logback deserialization vulnerability

2017-03-28 Thread Salvatore Bonaccorso
Control: retitle -1 logback: CVE-2017-5929: serialization vulnerability affecting the SocketServer and ServerSocketReceiver components Hi Markus, On Tue, Mar 28, 2017 at 09:41:30AM +0200, Markus Koschany wrote: > Hello security team, > > apparently logback < 1.2.0 is vulnerable to a deserializa

Bug#857343: #857343: logback deserialization vulnerability

2017-03-28 Thread Sébastien Delafond
On Mar/28, Markus Koschany wrote: > apparently logback < 1.2.0 is vulnerable to a deserialization issue. > They announced it on February 8th 2017 but it appears no CVE has been > assigned yet. [1] Fixing commit is at [2] The bug reporter claims it is > the same issue as CVE-2015-6420 but I cannot v

Bug#857343: #857343: logback deserialization vulnerability

2017-03-28 Thread Markus Koschany
Hello security team, apparently logback < 1.2.0 is vulnerable to a deserialization issue. They announced it on February 8th 2017 but it appears no CVE has been assigned yet. [1] Fixing commit is at [2] The bug reporter claims it is the same issue as CVE-2015-6420 but I cannot verify that at the mo