1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted apache-log4j1.2 1.2.17-10+deb11u1 (source) into proposed-updat

    From Debian FTP Masters@21:1/5 to All on Sat Mar 5 19:10:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sat, 12 Feb 2022 10:54:14 +0100
    Source: apache-log4j1.2
    Architecture: source
    Version: 1.2.17-10+deb11u1
    Distribution: bullseye
    Urgency: medium
    Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
    Changed-By: Markus Koschany <apo@debian.org>
    Changes:
    apache-log4j1.2 (1.2.17-10+deb11u1) bullseye; urgency=medium
    .
    * Team upload.
    * Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307.
    Multiple security vulnerabilities have been discovered in
    Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and
    JMSAppender or Apache Chainsaw. Note that a possible attacker requires
    write access to the Log4j configuration and the aforementioned features are
    not enabled by default. In order to completely mitigate against these
    vulnerabilities the related classes have been removed from the resulting
    jar file.
    Checksums-Sha1:
    afb5b7c62e671b5642f14227881e9f31c1cf0e2b 2495 apache-log4j1.2_1.2.17-10+deb11u1.dsc
    29f4a37912946f0721b6b9142b534cbae1505dc1 27116 apache-log4j1.2_1.2.17-10+deb11u1.debian.tar.xz
    dc5a30a64f352954dae098420ae9592b281e3863 9672 apache-log4j1.2_1.2.17-10+deb11u1_amd64.buildinfo
    Checksums-Sha256:
    f7eb156f8a25aa5bd2894023b167eea58cb5044b14b36951c06a1c86a6e8f97a 2495 apache-log4j1.2_1.2.17-10+deb11u1.dsc
    cb18f5702e7f7f461417b5e75a62a463f61a3f68afb0420a0fb9f0958b078e7c 27116 apache-log4j1.2_1.2.17-10+deb11u1.debian.tar.xz
    4963c74a805b129f3c36e85fe36ae8356e6cd2c946a212e48a5e182d6a0b1a26 9672 apache-log4j1.2_1.2.17-10+deb11u1_amd64.buildinfo
    Files:
    298644b1b50d8e1ea5b28444564f88d5 2495 java optional apache-log4j1.2_1.2.17-10+deb11u1.dsc
    88032a838c3e04c70f1398149f1fb1b4 27116 java optional apache-log4j1.2_1.2.17-10+deb11u1.debian.tar.xz
    9ce538398bde118c443875cf21ac9db9 9672 java optional apache-log4j1.2_1.2.17-10+deb11u1_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmIJT4lfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkJ6UP/RjJtr2ZRXTVK4vmVkiqTaltOdyQHxZaG8iv kbEwch+8qi8CHYAnnnqBgJprqfrN6T63rpj9mgBTbsk9ooXECLkNhgV83fB4A5bk 9tQ+P5jSnPGS9uJQG10+lUHx3YYHjZWcs/pLSqKaFsyNDY9Bw9Vgj4Mh8UU7pcnS wAr2JCq8H3ICvMceFqhCek1kN3X0Ird74QiPZXfO9E3TewCADdsPiHeFBDAxobTc b7g3Vd5uQDqmFOQ5DEUW2asvDT9XglVyMzhBLWO/EUMmbSuUDpwxf/+ardwvynCv MDERC7EoRVPGhrfe4vYpiKoIF0MilbPXNU3Zvp5tKDICSE+Uc7tj+N3KCIsjslZ1 3oOlRKARMcIOqNTgIs2EJI9S16ipkc3S0vKeVmPksa63bXckN9hyCJruotbDS470 tkn2punP3mQ9en8IqmCs01ODEhgMRal/4+sMFx2yeHX8AadQA4MAgc1Wb7ty8qje 9wfTwwRn9/5wJF7H/2kDf12L9V5RBCCiOUdr0zYprzmvvkTFqXGP1BIIU8UwGVqP x86/klOJY9lGxMT5TsWKk4ynKIppzpwAgD3TNWCLJC7LESvN5QsMZlz4Om5QOwgU 2qzdq030kQkmWPSm7mIRZGUx4EULjTEVINpOAKmfJDrDGYkOjjY1VsD0DUvbbipY
    QiJeqsXe
    =dVv7
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)