apache-log4j1.2 1.2.17-8+deb10u1 source package in Debian
Changelog
apache-log4j1.2 (1.2.17-8+deb10u1) buster-security; urgency=high
* Team upload.
* Fix CVE-2019-17571. (Closes: #947124)
Included in Log4j 1.2 is a SocketServer class that is vulnerable to
deserialization of untrusted data which can be exploited to remotely
execute arbitrary code when combined with a deserialization gadget when
listening to untrusted network traffic for log data.
-- Markus Koschany <email address hidden> Sat, 02 May 2020 16:46:05 +0200
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Buster
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- java
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache-log4j1.2_1.2.17-8+deb10u1.dsc | 2.4 KiB | bb6b440f13bbbfbdf98df055acc4a5742a52b5b532e0b3503c0783c53092007e |
| apache-log4j1.2_1.2.17.orig.tar.gz | 539.1 KiB | f293c2b8cb5a68c43b8c83a41891d3ef667841c2abc4dcfb172292a49eb5336f |
| apache-log4j1.2_1.2.17-8+deb10u1.debian.tar.xz | 9.7 KiB | 6d8ae488afab3ee374fa6f2eb4048a6790284184e14d430011e5a3cd200727fe |
No changes file available.
