Back to apache-log4j2 PTS page

Accepted apache-log4j2 2.15.0-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted apache-log4j2 2.15.0-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 11 Dec 2021 15:18:38 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1mw490-000AfX-Ka@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 11 Dec 2021 15:01:57 +0100
Source: apache-log4j2
Architecture: source
Version: 2.15.0-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1001478
Changes:
 apache-log4j2 (2.15.0-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version 2.15.0.
     - Fix CVE-2021-44228:
       Chen Zhaojun of Alibaba Cloud Security Team discovered that JNDI features
       used in configuration, log messages, and parameters do not protect
       against attacker controlled LDAP and other JNDI related endpoints. An
       attacker who can control log messages or log message parameters can
       execute arbitrary code loaded from LDAP servers when message lookup
       substitution is enabled. From version 2.15.0, this behavior has been
       disabled by default. (Closes: #1001478)
   * Update debian/watch to track the latest releases.
   * Declare compliance with Debian Policy 4.6.0.
Checksums-Sha1:
 94ee1f654281c0a1367bc61a2dd1810b2813f9a3 3019 apache-log4j2_2.15.0-1.dsc
 9af1682ea5a76d1462f01ca3065359ecbd87905c 1288012 apache-log4j2_2.15.0.orig.tar.xz
 886483b6ea263ba996b339e7f7a68934454bfaec 7168 apache-log4j2_2.15.0-1.debian.tar.xz
 2daa4f1f6c8a371f989daa91a3c915b3de409e17 14600 apache-log4j2_2.15.0-1_amd64.buildinfo
Checksums-Sha256:
 221286f075e51ff2d6154ae6b420c65e5d4e828885bb7a3384f6537b27ed2456 3019 apache-log4j2_2.15.0-1.dsc
 bfe55d5b3b6e636cc45c7f8ab35a531e14d9b07c33c6b1afe098571b0a71a02a 1288012 apache-log4j2_2.15.0.orig.tar.xz
 23837f95be4b7f7870b7308322de52c4bb676b8f74c6ac22a4b441caf0904386 7168 apache-log4j2_2.15.0-1.debian.tar.xz
 07964f43e7526d01eaf470144c686fd1fe9fcb53b392e8b03cebec4bffa57ab4 14600 apache-log4j2_2.15.0-1_amd64.buildinfo
Files:
 d8ceba7cedd0bd4bd6177bbd8882ff99 3019 java optional apache-log4j2_2.15.0-1.dsc
 34d5e5f1178d1056199f13336cadfe16 1288012 java optional apache-log4j2_2.15.0.orig.tar.xz
 2ed6526293de4ae7241e2de9a90836b8 7168 java optional apache-log4j2_2.15.0-1.debian.tar.xz
 39c2b3a6cfc2c65e67726f37ce5b8f73 14600 java optional apache-log4j2_2.15.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG0vn9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkaEUP/1khegZ35YpUydHYV4cn5+tUwWetu3abgTR6
3pLaBMuSqMCx7DoqUpzIlecoz7JIxWmVYyMQj09HTbmA0Dst/MNXlD9+4LWOLHX0
gYyk0co9VJ7J3Y+67ruu6qYYVsjMmwdRQz1XwgbihmBmPFuIvrqgVomTsTEZzHFu
jsGIvMIkjRGcjhCkkOuVq8llzaT9rxovbHVFgTDURoDwpxdlCxL40URyRm3GljfO
meH6ZZ+oeYcznjC8D8nGdulDlQr6zXEEJee0agWOq6uEh6xPGIDCpMhWBF+Nd9Uq
BNn+1nyzssHl1fvDGaepVQmlVDanCRUQ3GS31cwKIn1jcHaGFL6wO+YYNQtGXt1i
xcVtCSImA0WkyaoL5ionKJBjOm54BYyPPszMNuMMIQbqtv7KdzDUIDkYLVgtaDSk
/3F+m3XZrEP1oKYXR9KJPk7PjVjHN8bGzusonwwEWjo4IYJUK58rJRiH9sYwiv34
m1D9+4YHcErLxedSoLauW2gGR9sKH6Pw8BLkIJyM4nqnPuldA2lRc3GmwzWZhjSl
rj/8jwwGaMjTfBpGRjpICBmKjS75kaH9+nfuONK5XR4eiRB9Uk89AjIJFhE6f2/E
pz5k9BS8EVHD8te/ywkxaiLxaDOqPN6Td6bHhIeHstMS14z/DQbjxFBY0mIuCAZP
8vrsmEz4
=2VhD
-----END PGP SIGNATURE-----