Am 29.12.19 um 19:24 schrieb Holger Levsen:
> On Sun, Dec 29, 2019 at 07:13:15PM +0100, Markus Koschany wrote:
>> I also recommend to let me handle triaging work because I am officially
>> frontdesk at the moment. You can always grab a package and work on it
>> but let frontdesk handle general tria
On Sun, Dec 29, 2019 at 07:13:15PM +0100, Markus Koschany wrote:
> I also recommend to let me handle triaging work because I am officially
> frontdesk at the moment. You can always grab a package and work on it
> but let frontdesk handle general triaging work or at least CC him/her or
> move the di
Hi Markus,
> I think that was a mistake. We definitely should fix apache-log4j1.2 in
> all distributions because a lot of packages depend on it. However the
> vulnerability surfaces only when you use the (optional) option to log to
> a remote server.
Sure thing and I agree with you. Please go ahe
Hi Chris,
(sorry forgot to CC debian-lts)
I think that was a mistake. We definitely should fix apache-log4j1.2 in
all distributions because a lot of packages depend on it. However the
vulnerability surfaces only when you use the (optional) option to log to
a remote server. I am quite sure that mo
Chris Lamb wrote:
> Just noticed you added and took apache-log4j1.2 in dla-needed.txt:
>
> https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ddc1c2172ff36a897b41a11bce2852c4ee69e7e
This shuold have been:
b6ff1525e5b3b87ec5bd431a24708cb125f6eb91
(However, I also note t
Hi Markus,
Just noticed you added and took apache-log4j1.2 in dla-needed.txt:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ddc1c2172ff36a897b41a11bce2852c4ee69e7e
However, I suspect this means that you did not see the previous change
to this file:
https://salsa.
