Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted logback 1:1.1.9-2 (source) into unstable
Date: Tue, 28 Mar 2017 16:04:57 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Mar 2017 17:22:37 +0200
Source: logback
Binary: liblogback-java liblogback-java-doc
Architecture: source
Version: 1:1.1.9-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 liblogback-java - flexible logging library for Java
 liblogback-java-doc - flexible logging library for Java - documentation
Closes: 857343
Changes:
 logback (1:1.1.9-2) unstable; urgency=medium
 .
   * Team upload.
   * Fix CVE-2017-5929:
     It was discovered that logback, a flexible logging library for Java, would
     deserialize data from untrusted sockets. This issue has been resolved by
     adding a whitelist to use only trusted classes. (Closes: #857343)
     Thanks to Fabrice Dagorn for the report.
Checksums-Sha1:
 a80b2a96a5fe7440e3cf05ca649ce843f956bd17 2408 logback_1.1.9-2.dsc
 54688b6b588ed58d126314e1b23fcdd6d1f2bebd 12144 logback_1.1.9-2.debian.tar.xz
 33f35fb43eaf21b32e7f83620cf68df8a4e846c1 15154 logback_1.1.9-2_amd64.buildinfo
Checksums-Sha256:
 99c01932556306755697497c172bb0cb6a9b100915fae43a41cfb7105289c260 2408 logback_1.1.9-2.dsc
 16d7640ef0dc253a799e3e95450aac682a39877556219d983e2fc85809213f4b 12144 logback_1.1.9-2.debian.tar.xz
 93d2f80f30285d36e13a1945a201357b1d9b6eb8ade2b58b725eebb0d5a6b30c 15154 logback_1.1.9-2_amd64.buildinfo
Files:
 99bd1f27c78f1a523f7d2af337b1649b 2408 java optional logback_1.1.9-2.dsc
 3a4c6bc37eef5638a43bcc17a2121731 12144 java optional logback_1.1.9-2.debian.tar.xz
 201a70196f6fccc0ec32a21dc4497ef2 15154 java optional logback_1.1.9-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAljahzVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HksNUQAJU4NQgXWN8P8lz9Dt4ROdCkwD3EL1ZeF2x+
F70dyZ1Es3wrwjDV/A2wzRUVg3ZMoijfkQqmp4Du+rLcOqbbCPUlifeM1K/hnEAG
Op+PGnXFK2PVf5tchgD/weh8BHN93VPUg9OpY0j1FMvzgVqsSUyTDSHLCx6tALUq
Xg7NV7SReSqlPSpkXXu8Hfe4Uojn95j7nx/oC/M4KDBDwCJNwZhd0A7KHR0ZkvzF
4EirnHr82kTiIwXzCtur+vW/sq7A907yXmIU+x3JdWzkQtwNPfMAH6NaA2od3cRm
0MkaKFm210z3mMEeuTg/zm8oggh8O3p+1yTuCfDICVeEBBi2HRUI3rzyZ5FQzKEy
hoUn1AR5ViAqP96W128iCDBueS+rLJaIA5HuZiMQjvyi3wf0eRq6IgTvQBa5mwTE
lXqMRV3kbnX9B6P+iF5rg8r+Q83vPKsG485b2USJPxoj98zLXyLIrPETsCxpGH0N
Vnv8a7hKu6Y7ggUwzxPv9oCVjWkPNT/HERXNVRxuCLSKYpJyRE9VV16RSZY2gaI3
Q1DMEGJj2YQerQ8udF12zRu19S+06INxUWRURHUiY6OG1xKUZpTIuV8E0LJiHiad
NziqS6MfBNUD6TcNzEJVSWhv0MvT7U1q09mUNN6KeDl8umT9Wpozi/9Y8hw6ONBT
TwKnI7Ux
=dG7X
-----END PGP SIGNATURE-----
News for package logback
