Debian has JGroups 2.12, this version doesn't use authentication. An
attacker can disrupt a node (stopping or slowing it down) but not
execute arbitrary code.
Diagnostics are enabled by default. We can simply disable them by default.
Emmanuel Bourg
--
To UNSUBSCRIBE, email to debian-bugs-rc-re
Package: libjgroups-java
Severity: grave
Tags: security
Justification: user security hole
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4112
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.d
2 matches
Mail list logo
