Accepted logback 1:1.0.4-1+deb7u1 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 07 Apr 2017 23:20:14 +0200
Source: logback
Binary: liblogback-java liblogback-java-doc
Architecture: source all
Version: 1:1.0.4-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
liblogback-java - flexible logging library for Java
liblogback-java-doc - flexible logging library for Java - documentation
Closes: 857343
Changes:
logback (1:1.0.4-1+deb7u1) wheezy-security; urgency=high
.
* Team upload.
* Fix CVE-2017-5929:
It was discovered that logback, a flexible logging library for Java, would
deserialize data from untrusted sockets. This issue has been resolved by
adding a whitelist to use only trusted classes. (Closes: #857343)
Checksums-Sha1:
625f421b20189385565f6724d62f1ac59dd3fa3e 2254 logback_1.0.4-1+deb7u1.dsc
b4464075f602f6e749698b7148d993a7140ff28a 4712650 logback_1.0.4.orig.tar.gz
4017daf30cdff4676b932148fa15ad77a7d8e210 11594 logback_1.0.4-1+deb7u1.debian.tar.gz
69aff35e3a7f3e62a36f511f59c25e88209ff61f 537650 liblogback-java_1.0.4-1+deb7u1_all.deb
8069d90f655c5eba91ac98af57c206189e9cc253 2101320 liblogback-java-doc_1.0.4-1+deb7u1_all.deb
Checksums-Sha256:
212c8d961db531cd860e076f882972cbce24f138101a4fcb5382f473832e993e 2254 logback_1.0.4-1+deb7u1.dsc
b9c5c3da4026dd337109660b2fca91d9c2c67c4fe9cd5aeca936bed38cd132a3 4712650 logback_1.0.4.orig.tar.gz
a52411611cbe7abae2b19c79fe8c9a5ab834f62ecdbc059775b2c0258b827532 11594 logback_1.0.4-1+deb7u1.debian.tar.gz
7956bcca9c21f5752c32e2d11d211ace5a9027f122c9f4f16629dddc8c526bd3 537650 liblogback-java_1.0.4-1+deb7u1_all.deb
c8d4d6d86597dad644a77aef84f57c4b8bcd8cbbb18f20761cf717ef24c0c5be 2101320 liblogback-java-doc_1.0.4-1+deb7u1_all.deb
Files:
c6d0a1b9ac2a0cb03d372acf1d76a750 2254 java optional logback_1.0.4-1+deb7u1.dsc
1ac788d90b4fe4e044d8e9b0e43da620 4712650 java optional logback_1.0.4.orig.tar.gz
af093c1db2a29db9eae5b02e3c7f2ef5 11594 java optional logback_1.0.4-1+deb7u1.debian.tar.gz
605c9d3edb1e56b922324f3e06631c3f 537650 java optional liblogback-java_1.0.4-1+deb7u1_all.deb
a3c3b883ff1d0187178ccb485f6e7e3e 2101320 doc optional liblogback-java-doc_1.0.4-1+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAljoBpdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk1Z4QAJwtt+0+3bvKEb9T5Vnvp88uJmCZHVGmtn3d
203PGE5gYsRRXN3OWAJlSSDqDNtvydxYCBPxlqo9+wuSVOhzC6UujMFnsbHqJWuh
KPpQE9ujq5qBFS/tBtIriVMT1oC9S0rfA892XK51uA8zCvWtgV4dp1Vl0RLF7Z1V
FS8XZp8c2mptY3LetXh7nhbNa3EbSXIma6ARMPS+MVBbFeJ3q0jujKKNyC1g51B4
yeSsByNE3iE2wqTSD8meNItzdlsoKRm3MICcH2F0JCU/+b3ciJ5ri8GT3RfmBHbq
6n+bnjraVe2n5VG/p5SkgH7nSMOcQtpmzPj1o86av1cAl3dHXE5nNydsfgW1rl7l
fzEK9I9jM/AZVW0EhoiJFJMSK7majxusDJWvawo+3b3GfwUpPJfEgFPQ3iGZaLXa
syAuXrFwAR/Fu/eEYq/x8EdoaIcBZ3osDxcyNheFlTV+DgiRdA9wXSjvVPVYIdqr
gTo4fHnXYrYxqI96RgdeEpexhjwaO5BflnrPYRx5mHgCzxvvNg8gNzfzdBqXHzzs
FnBZhNSVmtvJOoT9HBFcQDqet9RgpviyGnoGL30wYmxKR72zKgbuhRVoj3fmUiXs
r/84XEbGZUCFQNWdxGY2Szp7kV6fvxEnH4U/3ZpRMVTbjmaYRuVIzg6uKCgwnIph
Re31khY5
=i+nW
-----END PGP SIGNATURE-----
Reply to: