apache-log4j1.2_1.2.17-10+deb11u1_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Mar 5 18:02:08 GMT 2022
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 12 Feb 2022 10:54:14 +0100
Source: apache-log4j1.2
Architecture: source
Version: 1.2.17-10+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Changes:
apache-log4j1.2 (1.2.17-10+deb11u1) bullseye; urgency=medium
.
* Team upload.
* Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307.
Multiple security vulnerabilities have been discovered in
Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and
JMSAppender or Apache Chainsaw. Note that a possible attacker requires
write access to the Log4j configuration and the aforementioned features are
not enabled by default. In order to completely mitigate against these
vulnerabilities the related classes have been removed from the resulting
jar file.
Checksums-Sha1:
afb5b7c62e671b5642f14227881e9f31c1cf0e2b 2495 apache-log4j1.2_1.2.17-10+deb11u1.dsc
29f4a37912946f0721b6b9142b534cbae1505dc1 27116 apache-log4j1.2_1.2.17-10+deb11u1.debian.tar.xz
dc5a30a64f352954dae098420ae9592b281e3863 9672 apache-log4j1.2_1.2.17-10+deb11u1_amd64.buildinfo
Checksums-Sha256:
f7eb156f8a25aa5bd2894023b167eea58cb5044b14b36951c06a1c86a6e8f97a 2495 apache-log4j1.2_1.2.17-10+deb11u1.dsc
cb18f5702e7f7f461417b5e75a62a463f61a3f68afb0420a0fb9f0958b078e7c 27116 apache-log4j1.2_1.2.17-10+deb11u1.debian.tar.xz
4963c74a805b129f3c36e85fe36ae8356e6cd2c946a212e48a5e182d6a0b1a26 9672 apache-log4j1.2_1.2.17-10+deb11u1_amd64.buildinfo
Files:
298644b1b50d8e1ea5b28444564f88d5 2495 java optional apache-log4j1.2_1.2.17-10+deb11u1.dsc
88032a838c3e04c70f1398149f1fb1b4 27116 java optional apache-log4j1.2_1.2.17-10+deb11u1.debian.tar.xz
9ce538398bde118c443875cf21ac9db9 9672 java optional apache-log4j1.2_1.2.17-10+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmIJT4lfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkJ6UP/RjJtr2ZRXTVK4vmVkiqTaltOdyQHxZaG8iv
kbEwch+8qi8CHYAnnnqBgJprqfrN6T63rpj9mgBTbsk9ooXECLkNhgV83fB4A5bk
9tQ+P5jSnPGS9uJQG10+lUHx3YYHjZWcs/pLSqKaFsyNDY9Bw9Vgj4Mh8UU7pcnS
wAr2JCq8H3ICvMceFqhCek1kN3X0Ird74QiPZXfO9E3TewCADdsPiHeFBDAxobTc
b7g3Vd5uQDqmFOQ5DEUW2asvDT9XglVyMzhBLWO/EUMmbSuUDpwxf/+ardwvynCv
MDERC7EoRVPGhrfe4vYpiKoIF0MilbPXNU3Zvp5tKDICSE+Uc7tj+N3KCIsjslZ1
3oOlRKARMcIOqNTgIs2EJI9S16ipkc3S0vKeVmPksa63bXckN9hyCJruotbDS470
tkn2punP3mQ9en8IqmCs01ODEhgMRal/4+sMFx2yeHX8AadQA4MAgc1Wb7ty8qje
9wfTwwRn9/5wJF7H/2kDf12L9V5RBCCiOUdr0zYprzmvvkTFqXGP1BIIU8UwGVqP
x86/klOJY9lGxMT5TsWKk4ynKIppzpwAgD3TNWCLJC7LESvN5QsMZlz4Om5QOwgU
2qzdq030kQkmWPSm7mIRZGUx4EULjTEVINpOAKmfJDrDGYkOjjY1VsD0DUvbbipY
QiJeqsXe
=dVv7
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list