Change log for apache-log4j1.2 package in Debian

1 to 17 of 17 results
Published in buster-release
apache-log4j1.2 (1.2.17-8+deb10u2) buster; urgency=medium

  * Team upload.
  * Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307.
    Multiple security vulnerabilities have been discovered in
    Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and
    JMSAppender or Apache Chainsaw. Note that a possible attacker requires
    write access to the Log4j configuration and the aforementioned features are
    not enabled by default. In order to completely mitigate against these
    vulnerabilities the related classes have been removed from the resulting
    jar file.

 -- Markus Koschany <email address hidden>  Sat, 12 Feb 2022 10:40:19 +0100
Published in bullseye-release
apache-log4j1.2 (1.2.17-10+deb11u1) bullseye; urgency=medium

  * Team upload.
  * Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307.
    Multiple security vulnerabilities have been discovered in
    Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and
    JMSAppender or Apache Chainsaw. Note that a possible attacker requires
    write access to the Log4j configuration and the aforementioned features are
    not enabled by default. In order to completely mitigate against these
    vulnerabilities the related classes have been removed from the resulting
    jar file.

 -- Markus Koschany <email address hidden>  Sat, 12 Feb 2022 10:54:14 +0100
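
The buster and bullseye entries above state that the mitigation is the removal of the related classes from the resulting jar. As an added check (not part of the Debian changelog or the package), this Python sketch scans a jar, including jars nested inside a WAR/EAR that a package upgrade would not replace, for those classes. The class paths are assumed from the upstream Log4j 1.2 package layout, since the changelog names only the features, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Assumption: paths follow the upstream Log4j 1.2 package layout; the changelog
# names the features but not the exact class files that were removed.
REMOVED_PREFIXES = (
    "org/apache/log4j/net/JMSSink",
    "org/apache/log4j/net/JMSAppender",
    "org/apache/log4j/jdbc/JDBCAppender",
    "org/apache/log4j/chainsaw/",
)


def find_removed_classes(data, origin="<jar>", depth=3):
    """Return 'archive!entry' strings for every affected class still present."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not an archive (or truncated): nothing to inspect
    hits = []
    with archive:
        for name in archive.namelist():
            # Ignore relocation prefixes such as WEB-INF/classes/ or a shading root.
            idx = name.find("org/apache/log4j/")
            rel = name[idx:] if idx >= 0 else name
            if rel.endswith(".class") and rel.startswith(REMOVED_PREFIXES):
                hits.append(f"{origin}!{name}")
            elif name.lower().endswith((".jar", ".war", ".ear")) and depth > 0:
                # Bundled copies are untouched by upgrading the system package.
                hits += find_removed_classes(archive.read(name), f"{origin}!{name}", depth - 1)
    return hits


def build_jar(entries):
    """Constructed sample input: an in-memory jar holding the given entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: a patched-style jar, an unpatched one, and a WAR bundling it.
PATCHED = build_jar({"org/apache/log4j/Logger.class": b""})
UNPATCHED = build_jar({name: b"" for name in (
    "org/apache/log4j/Logger.class", "org/apache/log4j/net/JMSAppender.class",
    "org/apache/log4j/jdbc/JDBCAppender.class", "org/apache/log4j/chainsaw/Main.class",
)})
WAR = build_jar({"WEB-INF/lib/log4j-1.2.17.jar": UNPATCHED})
```

Calling `find_removed_classes(open(path, "rb").read(), path)` on a real jar returns an empty list when none of the listed classes remain.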
Published in bookworm-release
Published in sid-release
apache-log4j1.2 (1.2.17-11) unstable; urgency=high

  * Team upload.
  * Fix CVE-2021-4104, CVE-2022-23305, CVE-2022-23302 and CVE-2022-23307.
    (Closes: #1004482)
  * Declare compliance with Debian Policy 4.6.0.

 -- Markus Koschany <email address hidden>  Mon, 31 Jan 2022 11:40:47 +0100
Superseded in bullseye-release
Superseded in sid-release
apache-log4j1.2 (1.2.17-10) unstable; urgency=medium

  * No longer build the examples to fix the build failure with OpenJDK 17
    (Closes: #981854)
  * Standards-Version updated to 4.5.1
  * Switch to debhelper level 13
  * Removed debian/orig-tar.sh

 -- Emmanuel Bourg <email address hidden>  Fri, 05 Feb 2021 13:07:53 +0100
Superseded in buster-release
apache-log4j1.2 (1.2.17-8+deb10u1) buster-security; urgency=high

  * Team upload.
  * Fix CVE-2019-17571. (Closes: #947124)
    Included in Log4j 1.2 is a SocketServer class that is vulnerable to
    deserialization of untrusted data which can be exploited to remotely
    execute arbitrary code when combined with a deserialization gadget when
    listening to untrusted network traffic for log data.

 -- Markus Koschany <email address hidden>  Sat, 02 May 2020 16:46:05 +0200
Published in stretch-release
apache-log4j1.2 (1.2.17-7+deb9u1) stretch-security; urgency=high

  * Team upload.
  * Fix CVE-2019-17571. (Closes: #947124)
    Included in Log4j 1.2 is a SocketServer class that is vulnerable to
    deserialization of untrusted data which can be exploited to remotely
    execute arbitrary code when combined with a deserialization gadget when
    listening to untrusted network traffic for log data.

 -- Markus Koschany <email address hidden>  Sat, 02 May 2020 16:38:32 +0200
Superseded in sid-release
apache-log4j1.2 (1.2.17-9) unstable; urgency=high

  * Team upload.
  * Fix CVE-2019-17571. (Closes: #947124)
    Included in Log4j 1.2 is a SocketServer class that is vulnerable to
    deserialization of untrusted data which can be exploited to remotely
    execute arbitrary code when combined with a deserialization gadget when
    listening to untrusted network traffic for log data.
  * Switch to debhelper-compat = 12.
  * Declare compliance with Debian Policy 4.4.1.
  * Use canonical VCS URI.

 -- Markus Koschany <email address hidden>  Sat, 11 Jan 2020 23:06:27 +0100
Superseded in buster-release
Superseded in sid-release
apache-log4j1.2 (1.2.17-8) unstable; urgency=medium

  * No longer attempt to install the javadoc jar (Closes: #879251)
  * Relocated the log4j:log4j:debian artifact to log4j:log4j:1.2.x
  * Build with the DH sequencer instead of CDBS
  * Fixed a typo in the doc-base title
  * Moved the package to Git
  * Standards-Version updated to 4.1.1
  * Switch to debhelper level 10
  * Refreshed debian/copyright

 -- Emmanuel Bourg <email address hidden>  Sun, 22 Oct 2017 00:55:53 +0200
Superseded in buster-release
Superseded in stretch-release
Superseded in sid-release
apache-log4j1.2 (1.2.17-7) unstable; urgency=medium

  * Team upload.
  * Transition to bnd 2.1.0.
  * Vcs-Browser: Use https.

 -- Markus Koschany <email address hidden>  Tue, 17 Nov 2015 18:22:37 +0100
Superseded in stretch-release
Superseded in sid-release
apache-log4j1.2 (1.2.17-6) unstable; urgency=medium

  * Team upload.
  * Add missing .class files to .jar (Closes: #791446)

 -- Hilko Bengen <email address hidden>  Tue, 07 Jul 2015 00:47:09 +0200
Superseded in stretch-release
Published in jessie-release
Superseded in sid-release
apache-log4j1.2 (1.2.17-5) unstable; urgency=medium


  * Team upload.

  [ Kumar Appaiah ]
  * debian/control: Remove Kumar Appaiah from uploaders

  [ Emmanuel Bourg ]
  * Depend on libmail-java instead of libgnumail-java
  * Standards-Version updated to 3.9.6 (no changes)
  * Switch to debhelper level 9
  * debian/copyright: Updated to the Copyright Format 1.0

 -- Emmanuel Bourg <email address hidden>  Tue, 30 Sep 2014 14:26:42 +0200
Superseded in jessie-release
Superseded in sid-release
apache-log4j1.2 (1.2.17-4) unstable; urgency=low


  * Removed the dependency on libjboss-jmx-java since javax.management
    is now part of the JDK.
  * Enabled the compilation of the org.apache.log4j.jmx.Agent class
  * Added a description to build_fix.patch

 -- Emmanuel Bourg <email address hidden>  Tue, 27 Aug 2013 09:52:20 +0200
Superseded in jessie-release
Superseded in sid-release
apache-log4j1.2 (1.2.17-3) unstable; urgency=low


  * Removed the dependency on the Activation Framework (libgnujaf-java)
  * debian/rules: Improved the clean target
  * Use canonical URLs for the Vcs-* fields

 -- Emmanuel Bourg <email address hidden>  Thu, 16 May 2013 14:46:43 +0200
Superseded in jessie-release
Superseded in sid-release
apache-log4j1.2 (1.2.17-2) unstable; urgency=low


  * Team upload.
  * Upload to unstable.

 -- tony mancill <email address hidden>  Mon, 06 May 2013 20:43:34 -0700
Deleted in experimental-release (Reason: None provided.)
apache-log4j1.2 (1.2.17-1) experimental; urgency=low


  * Team upload.
  * New upstream release
  * Refreshed the patch
  * debian/watch: Fixed the URL
  * Updated Standards-Version to 3.9.4 (no changes)

  [ Tony Mancill ]
  * Remove Michael Koch from Uploaders. (Closes: #653986)

 -- Emmanuel Bourg <email address hidden>  Tue, 02 Apr 2013 15:23:23 +0200
Superseded in jessie-release
Published in wheezy-release
Superseded in sid-release
apache-log4j1.2 (1.2.16-3) unstable; urgency=low


  * Add Bundle-SymbolicName to jar manifest
  * Update Import-Package OSGi attribute
  * Add Jakub Adam to Uploaders
  * Updated Standards-Version to 3.9.2
  * Removed Thomas Koch from Uploaders. Thanks for your contributions.

 -- Jakub Adam <email address hidden>  Sun, 27 Nov 2011 19:01:34 +0100
Superseded in wheezy-release
Superseded in sid-release
apache-log4j1.2 (1.2.16-2) unstable; urgency=low


  [ Ludovic Claude ]
  * Add myself to uploaders
  * Rename source package to apache-log4j1.2 (Closes: #598007)
  * d/maven.rules: use * instead of jar to match log4j, as
    version 1.2.16 has a pom type of 'bundle' and this
    means that the version installed in the Maven repository
    is 'debian' instead of '1.2.x' (Closes: #618263)
  * d/control: update Homepage to reflect the new location of log4j
  * include OSGi metadata in the jar, add Build-Depends on bnd
  * Add --has-package-version to libapache-log4j1.2-java.poms
  * Deploy javadoc jar into the Maven repository 

  [ Niels Thykier ]
  * Updated Vcs-* fields.

  [ Torsten Werner ]
  * Remove Kalle from Uploaders list.
  * No longer build the liblog4j1.2-java-gcj package.
  * Fix typo in Description.

 -- Torsten Werner <email address hidden>  Fri, 23 Sep 2011 23:03:09 +0200