tag 857343 + pending thanks Some bugs in the logback package are closed in revision d88f6cd125cb5e9f7965f29b27ec05b5239ca40b in branch ' jessie' by Markus Koschany
The full diff can be seen at https://anonscm.debian.org/cgit/pkg-java/logback.git/commit/?id=d88f6cd Commit message: Import Debian changes 1:1.1.2-1+deb8u1 logback (1:1.1.2-1+deb8u1) jessie; urgency=high * Team upload. * Fix CVE-2017-5929: It was discovered that logback, a flexible logging library for Java, would deserialize data from untrusted sockets. This issue has been resolved by adding a whitelist to use only trusted classes. (Closes: #857343)
