
Accepted apache-log4j2 2.17.1-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Dec 2021 11:44:21 +0100
Source: apache-log4j2
Architecture: source
Version: 2.17.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1002813
Changes:
 apache-log4j2 (2.17.1-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version 2.17.1.
     - Fix CVE-2021-44832:
       Apache Log4j2 is vulnerable to a remote code execution
       (RCE) attack where an attacker with permission to modify the logging
       configuration file can construct a malicious configuration using a JDBC
       Appender with a data source referencing a JNDI URI which can execute
       remote code. This issue is fixed by limiting JNDI data source names to
       the java protocol.
       Thanks to Salvatore Bonaccorso for the report. (Closes: #1002813)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----