Back to apache-log4j1.2 PTS page

Accepted apache-log4j1.2 1.2.17-5+deb8u1 (source all) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted apache-log4j1.2 1.2.17-5+deb8u1 (source all) into oldoldstable
From: Markus Koschany <apo@debian.org>
Date: Sun, 12 Jan 2020 19:30:16 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1iqiwC-0003YO-SJ@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Jan 2020 20:05:50 +0100
Source: apache-log4j1.2
Binary: liblog4j1.2-java liblog4j1.2-java-doc
Architecture: source all
Version: 1.2.17-5+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 liblog4j1.2-java - Logging library for java
 liblog4j1.2-java-doc - Documentation for liblog4j1.2-java
Closes: 947124
Changes:
 apache-log4j1.2 (1.2.17-5+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2019-17571. (Closes: #947124)
     Included in Log4j 1.2 is a SocketServer class that is vulnerable to
     deserialization of untrusted data which can be exploited to remotely
     execute arbitrary code when combined with a deserialization gadget when
     listening to untrusted network traffic for log data.
Checksums-Sha1:
 b97d045743a2401bcb549ef52c2ea702f330a6f9 2485 apache-log4j1.2_1.2.17-5+deb8u1.dsc
 4a988a8b03f4e907327a225b50c5f27f8600e287 552081 apache-log4j1.2_1.2.17.orig.tar.gz
 5078f987537d527655a387ad70049280d2bc4265 9684 apache-log4j1.2_1.2.17-5+deb8u1.debian.tar.xz
 b2b18ac5e4b840e58ed8e3518b901a3075a1698e 387006 liblog4j1.2-java_1.2.17-5+deb8u1_all.deb
 53b346cb9617c3c5888d8c3351cd42dfc85e1540 260794 liblog4j1.2-java-doc_1.2.17-5+deb8u1_all.deb
Checksums-Sha256:
 d1f87fec3dc512bbc9f21e5bf87a12e3b7f19aab787cbef2959fc6490b79a4fd 2485 apache-log4j1.2_1.2.17-5+deb8u1.dsc
 f293c2b8cb5a68c43b8c83a41891d3ef667841c2abc4dcfb172292a49eb5336f 552081 apache-log4j1.2_1.2.17.orig.tar.gz
 260356e11185e61c4b5779b5ecddae1aa4c5711ac39dfe270840747bd353dcb2 9684 apache-log4j1.2_1.2.17-5+deb8u1.debian.tar.xz
 8b2ddea91c54bbf9572085f5ca0753a0c9aaef3036bbf618848a2cf43fa11769 387006 liblog4j1.2-java_1.2.17-5+deb8u1_all.deb
 143bca203cb0b967663fce58fb2687981566f525913e8f9332dd489c70f87886 260794 liblog4j1.2-java-doc_1.2.17-5+deb8u1_all.deb
Files:
 1b3be4482bd1fc23e39fd46962416635 2485 java optional apache-log4j1.2_1.2.17-5+deb8u1.dsc
 9a5f6f7ee471525673a647d86f311e22 552081 java optional apache-log4j1.2_1.2.17.orig.tar.gz
 b3194e47fc3407658b207cccc9e4f926 9684 java optional apache-log4j1.2_1.2.17-5+deb8u1.debian.tar.xz
 58b38248d1d6f125aa804a0201b70211 387006 java optional liblog4j1.2-java_1.2.17-5+deb8u1_all.deb
 78f1988a9d038f59919c9c6c6a05bba1 260794 doc optional liblog4j1.2-java-doc_1.2.17-5+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4bcNZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkEMcP/imWIeii7O0tN6R7oAee0EdxLgDZvu7ZYGbi
q3+uWMG11K4gjG821KJaiwzPn4U9DJW6lymlYMspLU7bQ2s7YJ+3KYbCqHs60F6E
vy1VQXY1ZkWK0NPGCQUZ4fSqCVe0mSoS/4LD/obEbpl+AXvroNVK6PRLgT91vsyF
oLtKMyHBcs30zDP5ld5EWhk87TqrHmARgVpnBkI9VTy4Cvi2jfgjqKsPYmEsID3T
heY1f7PoL8qTHHo8/ug3CvuAv4b6vOtJPUy7eUNhZQa/ilk0CU0O/AlViV03BrTU
WXwojWbm7bEYZbCrmqVHa1B+ORY4fqMu+aTmwUqW5Vx4WGUFQVcxV9PjtjUkiHc2
iGKSk7yLIbOr+7Db2RCFQPw9i6GetpZS1IA/Tj67vjpPn/oDkcqQsp7Q/DdPnS8T
E2FDKySzZnod3QN2yMVOU6+Z7DWDg38ErDZtDIIR4i2PYnDvmj4uQyw6ZiPwYzno
wVnhf34mj9W17dvdPmy5pk08Nzc7Jo4G0muC61aY2tgRTJOX7gToLmkkG4D0WFwV
ZgHVi8zNmpKQU42ukTd0VqU3NM31VLwh8gQyXP82CaNLK6ZqYnRsANNJlz9baHzx
fz9StTr8erYhr0gjFTlBkxMG7Pbm3ffpfu1Bi4ILhml9o7tp1M/5zyqlcXNvkMNb
mlEfrpaL
=03Yw
-----END PGP SIGNATURE-----