Back to apache-log4j1.2 PTS page

Accepted apache-log4j1.2 1.2.17-8+deb10u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted apache-log4j1.2 1.2.17-8+deb10u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 13 Feb 2022 22:03:22 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1nJMxm-000Evy-Gs@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Feb 2022 10:40:19 +0100
Source: apache-log4j1.2
Architecture: source
Version: 1.2.17-8+deb10u2
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 apache-log4j1.2 (1.2.17-8+deb10u2) buster; urgency=medium
 .
   * Team upload.
   * Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307.
     Multiple security vulnerabilities have been discovered in
     Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and
     JMSAppender or Apache Chainsaw. Note that a possible attacker requires
     write access to the Log4j configuration and the aforementioned features are
     not enabled by default. In order to completely mitigate against these
     vulnerabilities the related classes have been removed from the resulting
     jar file.
Checksums-Sha1:
 797de5898915417869b83c322ba1fe6f7f91bd9a 2500 apache-log4j1.2_1.2.17-8+deb10u2.dsc
 4a988a8b03f4e907327a225b50c5f27f8600e287 552081 apache-log4j1.2_1.2.17.orig.tar.gz
 a000282e96428fb2645511f1c02378887a8c10a2 27164 apache-log4j1.2_1.2.17-8+deb10u2.debian.tar.xz
 7c9bf169e7d77dab6ba720b63a742b4d2ddbe140 9342 apache-log4j1.2_1.2.17-8+deb10u2_amd64.buildinfo
Checksums-Sha256:
 50c39d8f7ccad36922d13fdacae54e12e270bef3f364f5ef6e802efd1b9904ca 2500 apache-log4j1.2_1.2.17-8+deb10u2.dsc
 f293c2b8cb5a68c43b8c83a41891d3ef667841c2abc4dcfb172292a49eb5336f 552081 apache-log4j1.2_1.2.17.orig.tar.gz
 2020d64ea272c5bedc8bada4cd936d4df803fa17117a372def73f2b807ea788d 27164 apache-log4j1.2_1.2.17-8+deb10u2.debian.tar.xz
 9fb83b2fdf4ef122c4075324bac3bbe622c33d30a112393f44f8ec0e026aead0 9342 apache-log4j1.2_1.2.17-8+deb10u2_amd64.buildinfo
Files:
 27ece2294b97cff82d83ca1717b024ab 2500 java optional apache-log4j1.2_1.2.17-8+deb10u2.dsc
 9a5f6f7ee471525673a647d86f311e22 552081 java optional apache-log4j1.2_1.2.17.orig.tar.gz
 e77040c5ad61ea47907b4fa61f83f330 27164 java optional apache-log4j1.2_1.2.17-8+deb10u2.debian.tar.xz
 c02fc0870ce29593fb547391484a9896 9342 java optional apache-log4j1.2_1.2.17-8+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmIJJaNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk0WwQAMRR/9RX5lc26Crnt9QuT5GKTPV5JZrXZ7MB
dV9QYUVXB+rw4tTmxh9ZBokKBvmckgU6mVn/A/3F6hLyi9IJUt7tEu7zlmEVdw9F
CaZKt3CWdTombAfeC3x94w2v85/OUEKUxjcLo+qzCgJB/1cxsThrMTtOi/AxK7a5
82+2U/7l2Fi6Z53zmnTIXVoZ2hLS1MyI4RuOGk5UslapsXxBYpLIwTdlTZjMX/0u
1jf4u2maSP4VCE1/LAgu9ih20bKlNrKlPiUEP97I6TkTvZ9GbKSKSgQ19Vnb9WsZ
U5TwNQ4n9WUprx7qNgOfuTwS3WgCkSZGzh2TeX5OWQ1Urbp3DN/uFv7cH8/OaX/+
JvisZGsgsm1Js9etIbSK0Zh5w2qp2SpboYyTKCJEG5P6oVRka+UCXGmEBGPjsIuT
W37ysmMh1vpSAu+zFokY4OaUBFefT+L4SSPVkQ7aC1lhnZiYNTWgod2yp7Y5zwQd
a9p7QzwExrZCcvYmOweOxAZEJTS0MCDZDJy0iPzjMReQjShg/Zbl9AtyjySNa7N0
Ej75eq1R2FfjJf8tnpjVAFzufj5NW9iYn5kjvNSfPfqoTd7j2SPeck+D1NticDPg
CbYYfhJPrJIseFUXrG6LP2c3OLHr6TE8PTfC/FgFRcBQF2KXhgSF7zeIlb8iKbNF
Dh9guP7B
=VmsU
-----END PGP SIGNATURE-----