apache-log4j1.2 1.2.17-8+deb10u2 source package in Debian
Changelog
apache-log4j1.2 (1.2.17-8+deb10u2) buster; urgency=medium * Team upload. * Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307. Multiple security vulnerabilities have been discovered in Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and JMSAppender or Apache Chainsaw. Note that a possible attacker requires write access to the Log4j configuration and the aforementioned features are not enabled by default. In order to completely mitigate against these vulnerabilities the related classes have been removed from the resulting jar file. -- Markus Koschany <email address hidden> Sat, 12 Feb 2022 10:40:19 +0100
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Buster
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- java
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Buster | release | main | java |
Builds
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
apache-log4j1.2_1.2.17-8+deb10u2.dsc | 2.4 KiB | 50c39d8f7ccad36922d13fdacae54e12e270bef3f364f5ef6e802efd1b9904ca |
apache-log4j1.2_1.2.17.orig.tar.gz | 539.1 KiB | f293c2b8cb5a68c43b8c83a41891d3ef667841c2abc4dcfb172292a49eb5336f |
apache-log4j1.2_1.2.17-8+deb10u2.debian.tar.xz | 26.5 KiB | 2020d64ea272c5bedc8bada4cd936d4df803fa17117a372def73f2b807ea788d |
No changes file available.