Date:      Mon, 20 Dec 2021 12:11:05 +0100
From:      Thomas Zander <riggs@freebsd.org>
To:        Muhammad Moinur Rahman <bofh@freebsd.org>, "Danilo G. Baio" <dbaio@freebsd.org>, elastic@freebsd.org,  freebsd@dussan.org, freebsd@rheinwolf.de, guido@kollerie.com,  Jason Helfman <jgh@freebsd.org>, mfechner@freebsd.org, michael.osipov@siemens.com,  netchild@freebsd.org, opensearch@freebsd.org, otis@freebsd.org,  root@cooltrainer.org, timp87@gmail.com, Yuri <yuri@freebsd.org>
Cc:        FreeBSD Ports Management Team <portmgr@freebsd.org>,  FreeBSD Ports Security Team <ports-secteam@freebsd.org>, Stefan Esser <se@freebsd.org>,  Ed Maste <emaste@freebsd.org>
Subject:   Please double-check for vulnerable bundled log4j
Message-ID:  <CAFU734zXHs%2BNWZ5cC1%2BiWmqbA4FLBsWR-daRzkkXV_Y2v_oXrQ@mail.gmail.com>


Dear maintainer,

You are maintaining at least one of the ports listed in
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260421#c9. They seem
to bundle a potentially vulnerable log4j version.
In case you have not looked into this already, please:
* Double check if your port(s) are at risk.
* Check if there are fixes available upstream and if so, prepare the
fixes for your port as soon as possible.
* If fixes are not yet available, please open a bug in bugzilla and
mark it as blocking for
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260421 so we don't
lose track of it. Also please keep checking for upstream fixes
regularly and update the port as soon as you can.

Thank you and best regards
For ports-secteam
Riggs


