Forum: >>> Magnum BBS <<<

Accepted apache-log4j1.2 1.2.17-8+deb10u2 (source) into oldstable-propo

From Debian FTP Masters@21:1/5 to All on Sun Feb 13 23:10:01 2022

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Feb 2022 10:40:19 +0100
Source: apache-log4j1.2
Architecture: source
Version: 1.2.17-8+deb10u2
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
apache-log4j1.2 (1.2.17-8+deb10u2) buster; urgency=medium
.
* Team upload.
* Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307.
Multiple security vulnerabilities have been discovered in
Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and
JMSAppender or Apache Chainsaw. Note that a possible attacker requires
write access to the Log4j configuration and the aforementioned features are
not enabled by default. In order to completely mitigate against these
vulnerabilities the related classes have been removed from the resulting
jar file.
Checksums-Sha1:
797de5898915417869b83c322ba1fe6f7f91bd9a 2500 apache-log4j1.2_1.2.17-8+deb10u2.dsc
4a988a8b03f4e907327a225b50c5f27f8600e287 552081 apache-log4j1.2_1.2.17.orig.tar.gz
a000282e96428fb2645511f1c02378887a8c10a2 27164 apache-log4j1.2_1.2.17-8+deb10u2.debian.tar.xz
7c9bf169e7d77dab6ba720b63a742b4d2ddbe140 9342 apache-log4j1.2_1.2.17-8+deb10u2_amd64.buildinfo
Checksums-Sha256:
50c39d8f7ccad36922d13fdacae54e12e270bef3f364f5ef6e802efd1b9904ca 2500 apache-log4j1.2_1.2.17-8+deb10u2.dsc
f293c2b8cb5a68c43b8c83a41891d3ef667841c2abc4dcfb172292a49eb5336f 552081 apache-log4j1.2_1.2.17.orig.tar.gz
2020d64ea272c5bedc8bada4cd936d4df803fa17117a372def73f2b807ea788d 27164 apache-log4j1.2_1.2.17-8+deb10u2.debian.tar.xz
9fb83b2fdf4ef122c4075324bac3bbe622c33d30a112393f44f8ec0e026aead0 9342 apache-log4j1.2_1.2.17-8+deb10u2_amd64.buildinfo
Files:
27ece2294b97cff82d83ca1717b024ab 2500 java optional apache-log4j1.2_1.2.17-8+deb10u2.dsc
9a5f6f7ee471525673a647d86f311e22 552081 java optional apache-log4j1.2_1.2.17.orig.tar.gz
e77040c5ad61ea47907b4fa61f83f330 27164 java optional apache-log4j1.2_1.2.17-8+deb10u2.debian.tar.xz
c02fc0870ce29593fb547391484a9896 9342 java optional apache-log4j1.2_1.2.17-8+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmIJJaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk0WwQAMRR/9RX5lc26Crnt9QuT5GKTPV5JZrXZ7MB dV9QYUVXB+rw4tTmxh9ZBokKBvmckgU6mVn/A/3F6hLyi9IJUt7tEu7zlmEVdw9F CaZKt3CWdTombAfeC3x94w2v85/OUEKUxjcLo+qzCgJB/1cxsThrMTtOi/AxK7a5 82+2U/7l2Fi6Z53zmnTIXVoZ2hLS1MyI4RuOGk5UslapsXxBYpLIwTdlTZjMX/0u 1jf4u2maSP4VCE1/LAgu9ih20bKlNrKlPiUEP97I6TkTvZ9GbKSKSgQ19Vnb9WsZ U5TwNQ4n9WUprx7qNgOfuTwS3WgCkSZGzh2TeX5OWQ1Urbp3DN/uFv7cH8/OaX/+ JvisZGsgsm1Js9etIbSK0Zh5w2qp2SpboYyTKCJEG5P6oVRka+UCXGmEBGPjsIuT W37ysmMh1vpSAu+zFokY4OaUBFefT+L4SSPVkQ7aC1lhnZiYNTWgod2yp7Y5zwQd a9p7QzwExrZCcvYmOweOxAZEJTS0MCDZDJy0iPzjMReQjShg/Zbl9AtyjySNa7N0 Ej75eq1R2FfjJf8tnpjVAFzufj5NW9iYn5kjvNSfPfqoTd7j2SPeck+D1NticDPg CbYYfhJPrJIseFUXrG6LP2c3OLHr6TE8PTfC/FgFRcBQF2KXhgSF7zeIlb8iKbNF
Dh9guP7B
=VmsU
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Briels
  Tue Apr 23 20:54:03 2024
  from Uk via SSH
- Michal Wronka
  Wed Apr 24 14:13:57 2024
  from Wroclaw, Poland via SSH
- Michal Wronka
  Wed Apr 24 14:02:51 2024
  from Wroclaw, Poland via SSH
- Guest
  Wed Apr 24 01:40:10 2024
  from A via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	296
Nodes:	16 (2 / 14)
Uptime:	28:44:04
Calls:	6,648
Calls today:	3
Files:	12,193
Messages:	5,328,173

Accepted apache-log4j1.2 1.2.17-8+deb10u2 (source) into oldstable-propo

Who's Online

Recent Visitors

System Info