-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Apr 2017 23:20:14 +0200 Source: logback Binary: liblogback-java liblogback-java-doc Architecture: source all Version: 1:1.0.4-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: liblogback-java - flexible logging library for Java liblogback-java-doc - flexible logging library for Java - documentation Closes: 857343 Changes: logback (1:1.0.4-1+deb7u1) wheezy-security; urgency=high . * Team upload. * Fix CVE-2017-5929: It was discovered that logback, a flexible logging library for Java, would deserialize data from untrusted sockets. This issue has been resolved by adding a whitelist to use only trusted classes. (Closes: #857343) Checksums-Sha1: 625f421b20189385565f6724d62f1ac59dd3fa3e 2254 logback_1.0.4-1+deb7u1.dsc b4464075f602f6e749698b7148d993a7140ff28a 4712650 logback_1.0.4.orig.tar.gz 4017daf30cdff4676b932148fa15ad77a7d8e210 11594 logback_1.0.4-1+deb7u1.debian.tar.gz 69aff35e3a7f3e62a36f511f59c25e88209ff61f 537650 liblogback-java_1.0.4-1+deb7u1_all.deb 8069d90f655c5eba91ac98af57c206189e9cc253 2101320 liblogback-java-doc_1.0.4-1+deb7u1_all.deb Checksums-Sha256: 212c8d961db531cd860e076f882972cbce24f138101a4fcb5382f473832e993e 2254 logback_1.0.4-1+deb7u1.dsc b9c5c3da4026dd337109660b2fca91d9c2c67c4fe9cd5aeca936bed38cd132a3 4712650 logback_1.0.4.orig.tar.gz a52411611cbe7abae2b19c79fe8c9a5ab834f62ecdbc059775b2c0258b827532 11594 logback_1.0.4-1+deb7u1.debian.tar.gz 7956bcca9c21f5752c32e2d11d211ace5a9027f122c9f4f16629dddc8c526bd3 537650 liblogback-java_1.0.4-1+deb7u1_all.deb c8d4d6d86597dad644a77aef84f57c4b8bcd8cbbb18f20761cf717ef24c0c5be 2101320 liblogback-java-doc_1.0.4-1+deb7u1_all.deb Files: c6d0a1b9ac2a0cb03d372acf1d76a750 2254 java optional logback_1.0.4-1+deb7u1.dsc 1ac788d90b4fe4e044d8e9b0e43da620 4712650 java optional logback_1.0.4.orig.tar.gz af093c1db2a29db9eae5b02e3c7f2ef5 11594 java optional logback_1.0.4-1+deb7u1.debian.tar.gz 605c9d3edb1e56b922324f3e06631c3f 537650 java optional liblogback-java_1.0.4-1+deb7u1_all.deb a3c3b883ff1d0187178ccb485f6e7e3e 2101320 doc optional liblogback-java-doc_1.0.4-1+deb7u1_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAljoBpdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk1Z4QAJwtt+0+3bvKEb9T5Vnvp88uJmCZHVGmtn3d 203PGE5gYsRRXN3OWAJlSSDqDNtvydxYCBPxlqo9+wuSVOhzC6UujMFnsbHqJWuh KPpQE9ujq5qBFS/tBtIriVMT1oC9S0rfA892XK51uA8zCvWtgV4dp1Vl0RLF7Z1V FS8XZp8c2mptY3LetXh7nhbNa3EbSXIma6ARMPS+MVBbFeJ3q0jujKKNyC1g51B4 yeSsByNE3iE2wqTSD8meNItzdlsoKRm3MICcH2F0JCU/+b3ciJ5ri8GT3RfmBHbq 6n+bnjraVe2n5VG/p5SkgH7nSMOcQtpmzPj1o86av1cAl3dHXE5nNydsfgW1rl7l fzEK9I9jM/AZVW0EhoiJFJMSK7majxusDJWvawo+3b3GfwUpPJfEgFPQ3iGZaLXa syAuXrFwAR/Fu/eEYq/x8EdoaIcBZ3osDxcyNheFlTV+DgiRdA9wXSjvVPVYIdqr gTo4fHnXYrYxqI96RgdeEpexhjwaO5BflnrPYRx5mHgCzxvvNg8gNzfzdBqXHzzs FnBZhNSVmtvJOoT9HBFcQDqet9RgpviyGnoGL30wYmxKR72zKgbuhRVoj3fmUiXs r/84XEbGZUCFQNWdxGY2Szp7kV6fvxEnH4U/3ZpRMVTbjmaYRuVIzg6uKCgwnIph Re31khY5 =i+nW -----END PGP SIGNATURE-----
