General

Profile

GNUtoo

Issues

Projects

Activity

2022-05-05

02:34 PM Packages Bug #3261: [log4j-1.2] Unmaintained, insecure, vulnerable package
bill-auger wrote:
> > jh and maven are probably used in almost all our java packages in libre.
>
> i did a bit of...
GNUtoo
02:25 PM Packages Bug #3269 (unconfirmed): [telegram-desktop] possible DRM, security, privacy, and anonymity issues
Hi,
Someone described on the gnu-linux-libre mailing list a Telegram anti-feature that looks like DRM to me[1]: th...
GNUtoo

2022-05-03

12:51 AM Packages Bug #3261: [log4j-1.2] Unmaintained, insecure, vulnerable package
slf4j has been updated to the latest version and doesn't depend on log4j-1.2 anymore.
So the main package pulling ...
GNUtoo
12:26 AM Packages Bug #3261: [log4j-1.2] Unmaintained, insecure, vulnerable package
To be more specific with maven-central, when using a pom.xml, it typically fetches the dependencies from maven-centra... GNUtoo
12:22 AM Packages Bug #3261: [log4j-1.2] Unmaintained, insecure, vulnerable package
For slf4j I managed to build an updated version without log4j on my laptop, I'll now try to release packages.
What...
GNUtoo

2022-05-02

08:37 PM Packages Bug #3261: [log4j-1.2] Unmaintained, insecure, vulnerable package
Indeed. I don't know how to do that but the people who already wrote there probably know how to do it. I can write th... GNUtoo
06:22 PM Packages Bug #3261: [log4j-1.2] Unmaintained, insecure, vulnerable package
As I understand it doesn't affect users already having log4j-1.2 at all (they aren't notified) and their packages con... GNUtoo

2022-04-26

11:12 PM Packages Bug #3261 (confirmed): [log4j-1.2] Unmaintained, insecure, vulnerable package
I'm reopening as bill-auger told me that on IRC:
> < bill-auger> deleting a package from the repos would [not] remov...
GNUtoo
11:06 PM Packages Bug #3261: [log4j-1.2] Unmaintained, insecure, vulnerable package
For the details:
* I've removed it from the repositories with db-remove
* I've also removed it from abslibre
I h...
GNUtoo
11:04 PM Packages Bug #3261 (fixed): [log4j-1.2] Unmaintained, insecure, vulnerable package
GNUtoo

Also available in: Atom