Publishing details
Changelog
apache-log4j1.2 (1.2.17-7+deb9u1) stretch-security; urgency=high

  * Team upload.
  * Fix CVE-2019-17571. (Closes: #947124)
    Included in Log4j 1.2 is a SocketServer class that is vulnerable to
    deserialization of untrusted data which can be exploited to remotely
    execute arbitrary code when combined with a deserialization gadget when
    listening to untrusted network traffic for log data.

 -- Markus Koschany <email address hidden>  Sat, 02 May 2020 16:38:32 +0200