Publishing details

• Published on 2020-07-18

Changelog

apache-log4j1.2 (1.2.17-7+deb9u1) stretch-security; urgency=high

  * Team upload.
  * Fix CVE-2019-17571. (Closes: #947124)
    Included in Log4j 1.2 is a SocketServer class that is vulnerable to
    deserialization of untrusted data which can be exploited to remotely
    execute arbitrary code when combined with a deserialization gadget when
    listening to untrusted network traffic for log data.

 -- Markus Koschany <email address hidden>  Sat, 02 May 2020 16:38:32 +0200

Builds

Package files

• apache-log4j1.2_1.2.17-7+deb9u1.debian.tar.xz (9.7 KiB)
• apache-log4j1.2_1.2.17-7+deb9u1.dsc (2.4 KiB)
• apache-log4j1.2_1.2.17.orig.tar.gz (539.1 KiB)