On Wed, Mar 17, 2021 at 4:13 AM Moritz Mühlenhoff <
jmm@inutil.org> wrote:
> Having identified the offending code the fix is a one line change on the
> other hand. I plan to upload a fixed version of log4net in the coming days.
What's the status of that upload? Patch is at
https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7
After some struggles with my pbuilder setup I have pushed the backported fix for CVE-2018-1285 to salsa [0].
Since I don't have access to my PGP key during the pandemic, I am looking for a sponsor for the upload of HEAD [1].
The source package builds from HEAD as 1.2.10+dfsg-8 and is ready for a build with gbp and upload.