Package: logback / 1:1.1.9-3

Metadata

Package Version Patches format
logback 1:1.1.9-3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01 compile groovy.patch | (download)

logback-classic/pom.xml | 46 11 + 35 - 0 !
1 file changed, 11 insertions(+), 35 deletions(-)

 compile logback-classic with the groovyc ant task instead of groovy-eclipse-compiler (not yet in debian)
02 remove google ads.patch | (download)

docs/manual/menu.js | 10 0 + 10 - 0 !
1 file changed, 10 deletions(-)

 removes the google ads from the documentation
CVE 2017 5929.patch | (download)

logback-classic/src/main/java/ch/qos/logback/classic/net/SimpleSocketServer.java | 1 0 + 1 - 0 !
logback-classic/src/main/java/ch/qos/logback/classic/net/server/LogbackClassicSerializationHelper.java | 28 28 + 0 - 0 !
logback-core/src/main/java/ch/qos/logback/core/net/HardenedObjectInputStream.java | 48 48 + 0 - 0 !
3 files changed, 76 insertions(+), 1 deletion(-)

 cve-2017-5929

Bug-Debian: https://bugs.debian.org/857343
CVE 2017 5929 part2.patch | (download)

logback-access/src/main/java/ch/qos/logback/access/net/HardenedAccessEventInputStream.java | 15 15 + 0 - 0 !
logback-access/src/main/java/ch/qos/logback/access/net/SocketNode.java | 11 5 + 6 - 0 !
logback-classic/src/main/java/ch/qos/logback/classic/net/SocketAppender.java | 2 0 + 2 - 0 !
logback-classic/src/main/java/ch/qos/logback/classic/net/SocketNode.java | 14 7 + 7 - 0 !
logback-classic/src/main/java/ch/qos/logback/classic/net/server/HardenedLoggingEventInputStream.java | 56 56 + 0 - 0 !
logback-classic/src/main/java/ch/qos/logback/classic/net/server/LogbackClassicSerializationHelper.java | 28 0 + 28 - 0 !
logback-classic/src/main/java/ch/qos/logback/classic/net/server/RemoteAppenderStreamClient.java | 10 5 + 5 - 0 !
logback-core/src/main/java/ch/qos/logback/core/net/HardenedObjectInputStream.java | 47 35 + 12 - 0 !
8 files changed, 123 insertions(+), 60 deletions(-)

 cve-2017-5929-part2

This is part2 to fix CVE-2017-5929