Hi!

On Sat, Dec 18, 2021 at 03:30:16PM +0100, Markus Koschany wrote:
> Control: owner -1 !
>
> On Saturday, 18.12.2021 at 14:37 +0100, Salvatore Bonaccorso wrote:
> > Source: apache-log4j2
> > Version: 2.16.0-1
> > Severity: grave
> > Tags: security upstream
> > Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team
> > <t...@security.debian.org>
> > Control: found -1 2.16.0-1~deb11u1
> > Control: found -1 2.16.0-1~deb10u1
> >
> > Hi,
> >
> > The following vulnerability was published for apache-log4j2, again
> > less stronger impact.
> >
> > CVE-2021-45105[0]:
> > > Certain strings can cause infinite recursion
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> Thanks for the report. I hope we are not going to see a new log4j CVE every
> week now...
>
> I can prepare the security update for Buster and Bullseye again.

Thanks! I hope and expect it will calm down again around log4j2. Many
people are now looking at it, so it's good issues are found and are
resolved.

Regards,
Salvatore