| Package | log4net |
|---|---|
| Version | 1.2.10+dfsg-8~deb10u1 (buster) |
| Related CVEs | CVE-2018-1285 |
XML external entities were not disabled when parsing configuration files in log4net, a logging library for the Common Language Infrastructure (Mono, .NET).
For Debian 10 buster, these problems have been fixed in version 1.2.10+dfsg-8~deb10u1.
We recommend that you upgrade your log4net packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.