Hi,
it seems that docker.io would be removed from buster if nothing changes
in the next 3 days [0].
Do you need help to fix this?
Fabrice
[0] https://lists.debian.org/debian-release/2019/06/msg00542.html
On Mon, 10 Jun 2019 11:54:08 +0700 Arnaud Rebillout
wrote:
> Hi,
>
> thanks for
The POC is a simple Eclipse Java project.
UnsafeReceiver will open a ServerSocketReceiver on port and wait
forever.
Injector will then open a client Socket to the ServerSocketReceiver and
serialize a Calculator instance through the wire.
Calculator implements ILoggingEvent to prevent C
Hi,
I have made a quick and dirty POC for this issue.
This results in a remote code execution in the JVM that exposes a
ServerSocketReceiver.
Unfortunately, logback 1:1.1.9-2 is still vulnerable, not 1.2.x.
The POC is available on demand.
Regards,
Fabrice Dagorn
/979b042cb1f0b4c1e5869ccc8912e68c39f769f9
Fabrice Dagorn
On 28/03/2017 at 18:09, Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
which was filed against the liblogback-java package:
#857343: logback: CVE-2017-5929: serialization vulnerability affecting
Dear Maintainer,
it's a serious security bug IMO, feel free to switch back to important
if you disagree.
Dear Maintainer,
here is a patch for your 2.8-2 package fixing this bug.
Sorry for #856198, I thought it would help.
Regards,
Fabrice Dagorn
Index: entropybroker-2.8/handle_client.cpp
===
--- entropybroker-2.8.orig
I uploaded a fixed version to mentors.debian.net:
https://mentors.debian.net/debian/pool/main/e/entropybroker/entropybroker_2.9-0.1.dsc
Package: entropybroker
Version: 2.8-2
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear Maintainer,
upstream fixed an issue (https://github.com/flok99/entropybroker/issues/5) that
may lead the system to a 100% CPU load.
I will try to package this new version (2.9) as it