| Release | Version |
|---|---|
| bullseye | 1:1.2.3-6 |
| bookworm | 1:1.2.11-3 |
| trixie | 1:1.2.11-6 |
| forky | 1:1.2.11-6 |
| sid | 1:1.2.11-6 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2024-12801 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logba ... |
| CVE-2024-12798 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core ... |
| CVE-2023-6378 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A serialization vulnerability in logback receiver component part of l ... |
| CVE-2021-42550 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | In logback version 1.2.7 and prior versions, an attacker with the requ ... |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-1225 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | ACE vulnerability in configuration file processing by QOS.CH logback- ... |
| Bug | Description |
|---|---|
| CVE-2025-11226 | ACE vulnerability in conditional configuration file processing by QOS ... |
| CVE-2023-6481 | A serialization vulnerability in logback receiver component part of l ... |
| CVE-2017-5929 | QOS.ch Logback before 1.2.0 has a serialization vulnerability affectin ... |
| DSA / DLA | Description |
|---|---|
| DLA-888-1 | logback - security update |