The Pdfsam website mentions that the vulnerabilities discovered impacts
not only log4j2, but also log4j1 ang logback.
https://blog.pdfsam.org/pdfsam-basic/pdfsam-and-log4j2-vulnerability/2286/
The Qos website indicates that in fact the vulnerabilty has been fixed
first in logback 1.2.8, the in 1.2.
Hello,
Did I misunderstood? My impression was that Pdfsam in Debian 11 is not
built upon log4j but upon logback, which description presents as a
successor of log4j?
So no need to upgrade anything?
https://packages.debian.org/bullseye/pdfsam
https://packages.debian.org/bullseye/liblogback-java
On Mon, Dec 27, 2021 at 07:30:38PM +, L Dimov wrote:
> Hello,
>
> I am on Debian 11 Stable with only main repositories. I got a note in PDFsam
> Basic that it needs to be updated due to a vulnerability. But running apt-get
> update and apt-get upgrade does not upgrade PDFsam Basic (it is 4.2
3 matches
Mail list logo
