From ${URL} : It was found that logback is vulnerable to a deserialization issue. Logback would try to deserialize data from a socket, but it can't be trusted. References: https://logback.qos.ch/news.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
@ Maintainer(s): Please bump to >=dev-java/logback-1.2.0!
*** Bug 635716 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c543f10628751b6f7dae48ff3b56e2df9a5fa59d commit c543f10628751b6f7dae48ff3b56e2df9a5fa59d Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2019-08-14 20:01:21 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2019-08-14 20:01:21 +0000 profiles/package.mask: mask dev-java/logback Bug: https://bugs.gentoo.org/612914 Signed-off-by: Aaron Bauman <bman@gentoo.org> profiles/package.mask | 5 +++++ 1 file changed, 5 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ecdb762e59f8c32806c22d1ba57df1aa6b5092af commit ecdb762e59f8c32806c22d1ba57df1aa6b5092af Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-09-14 15:24:45 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-09-14 15:25:59 +0000 dev-java/logback: Remove last-rited pkg Bug: https://bugs.gentoo.org/612914 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-java/logback/Manifest | 2 - dev-java/logback/logback-1.0.13-r1.ebuild | 61 ------------------------------- dev-java/logback/metadata.xml | 11 ------ profiles/package.mask | 5 --- 4 files changed, 79 deletions(-)
bye