[Git][security-tracker-team/security-tracker][master] Add CVE-2021-44832/apache-log4j2
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 29 08:08:05 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
edf7a24a by Salvatore Bonaccorso at 2021-12-29T09:07:24+01:00
Add CVE-2021-44832/apache-log4j2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3503,8 +3503,14 @@ CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untr
NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2
CVE-2021-4103
RESERVED
-CVE-2021-44832
- RESERVED
+CVE-2021-44832 [remote code execution via JDBC Appender]
+ RESERVED
+ - apache-log4j2 <unfixed>
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3293
+ NOTE: https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143
+ NOTE: https://github.com/apache/logging-log4j2/commit/05db5f9527254632b59aed2a1d78a32c5ab74f16 (log4j-2.17.1-rc1)
+ NOTE: Fixed in 2.17.1, 2.12.4 and 2.3.2
CVE-2022-21832
RESERVED
CVE-2022-21831
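Review bot: The added CVE-2021-44832 entry carries a single package line, "- apache-log4j2 <unfixed>", so it does not record whether other log4j source packages in the archive were checked. Since the neighbouring CVE-2021-4104 entry concerns Log4j 1.2, consider adding an explicit status line for that package once it is triaged. Separately, the last NOTE lists 2.17.1, 2.12.4 and 2.3.2 as fixed, but the only commit linked is the one tagged log4j-2.17.1-rc1. NOTE lines with the corresponding commits on the 2.12.x and 2.3.x branches would help anyone preparing backports for older suites.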
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edf7a24a5d5901f61cadf0e8a6d8e6f92c1c3e6c