Back to apache-log4j1.2 PTS page

Accepted apache-log4j1.2 1.2.17-9 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted apache-log4j1.2 1.2.17-9 (source) into unstable
From: Markus Koschany <apo@debian.org>
Date: Sat, 11 Jan 2020 22:34:14 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1iqPKg-000GGa-TC@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 11 Jan 2020 23:06:27 +0100
Source: apache-log4j1.2
Architecture: source
Version: 1.2.17-9
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 947124
Changes:
 apache-log4j1.2 (1.2.17-9) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2019-17571. (Closes: #947124)
     Included in Log4j 1.2 is a SocketServer class that is vulnerable to
     deserialization of untrusted data which can be exploited to remotely
     execute arbitrary code when combined with a deserialization gadget when
     listening to untrusted network traffic for log data.
   * Switch to debhelper-compat = 12.
   * Declare compliance with Debian Policy 4.4.1.
   * Use canonical VCS URI.
Checksums-Sha1:
 7509b3e1b006af179cb8fbe4f80e9c87702fcfc8 2456 apache-log4j1.2_1.2.17-9.dsc
 473a6d296a4cb7d6a73a5dbea95aa9ef6615cf22 9892 apache-log4j1.2_1.2.17-9.debian.tar.xz
 c6137a1443683270b7a06a61e8337c46de1d125a 9175 apache-log4j1.2_1.2.17-9_amd64.buildinfo
Checksums-Sha256:
 94af9dc41077911b2a9f18cd01efe56996cfe5dcabaf8541e48718c0cddb9569 2456 apache-log4j1.2_1.2.17-9.dsc
 303485eef0bc8c6c1de0b60e89aec879a34df74af74f2a136052c9c93c983363 9892 apache-log4j1.2_1.2.17-9.debian.tar.xz
 69da4f0f1303822592f03e22badb875917c2e7b61eab97e817eb4463d2e6a012 9175 apache-log4j1.2_1.2.17-9_amd64.buildinfo
Files:
 5b207c7553c7131833d170819c11c22f 2456 java optional apache-log4j1.2_1.2.17-9.dsc
 df3445aecf28c89eaf78d5e6e20be69d 9892 java optional apache-log4j1.2_1.2.17-9.debian.tar.xz
 e2c0334016aa0217f7f0ba039e6ad53f 9175 java optional apache-log4j1.2_1.2.17-9_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4aR8tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk0RUP/RsT0dkqlimlZgvcUbCq8PalXEzqIi/nG5r5
Be9NbHAYvRWTK0dQ62LaEC6+NPfOaL5sQgIHXE+r0+QrU8O1seWMXNnSnUtPXEbP
qxbL0lP2zSqIAnCWLuJctkhjD6xyc5kI+g8t2XWM7A/fp/UPvlaxCd3DttErtUa7
7A/B7twkHwrhx94z+ugIjHzdcmoje0Ii6PR2daawiSZWBfFuTVCrKdm6vZJpb+8E
TZlxqI/uxSSEZaZ02zpwPJf5rCIpCkFyBT5200eDl5a5fSXTJIvhn+dVjOL7O1bZ
+iDkDthK1anlaRjGgoANeWsJUSw+AuoBo5urnwGmG5vXjmSA2ni9weHha6pES6SK
FVv+AuSKMcSlxhCModOjTNilOefre4h8omORMoXnKiR2Ez211OnaVYwEVmqnB427
FlIP5yqVlKO8JhvDgO+BdxGcdFoF7LgFl86UUF1dG3maO6tuJ04N4g+F1ynYUd+C
UgEQv7YKoqbUGqnHj95I6HDrhbQoQN+4XXIDWOnIXWeCXalLw9TmvZGhMj8ugIGv
sy3g8oYWUAIvgLBOEi6EnXv65LdymNwskg3VQlna3+lx+7NHPfxSN6QEs36zQqJI
Tlnp9xZVBRhkCyGJTfJ3C35YxiiROM28cvCsYwb1IGpIZkugRFrzlwZfIIReryM8
7lP8eEVr
=0orB
-----END PGP SIGNATURE-----