[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Claim apache-log4j1.2 and nss in dla-needed.txt

Hi Markus,

> I think that was a mistake. We definitely should fix apache-log4j1.2 in
> all distributions because a lot of packages depend on it. However the
> vulnerability surfaces only when you use the (optional) option to log to
> a remote server.

Sure thing and I agree with you. Please go ahead. :)


     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk

Reply to: