apache-log4j1.2 1.2.17-8+deb10u2 source package in Debian
Changelog
apache-log4j1.2 (1.2.17-8+deb10u2) buster; urgency=medium
* Team upload.
* Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307.
Multiple security vulnerabilities have been discovered in
Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and
JMSAppender or Apache Chainsaw. Note that a possible attacker requires
write access to the Log4j configuration and the aforementioned features are
not enabled by default. In order to completely mitigate against these
vulnerabilities the related classes have been removed from the resulting
jar file.
-- Markus Koschany <email address hidden> Sat, 12 Feb 2022 10:40:19 +0100
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Buster
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- java
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Buster | release | main | java |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache-log4j1.2_1.2.17-8+deb10u2.dsc | 2.4 KiB | 50c39d8f7ccad36922d13fdacae54e12e270bef3f364f5ef6e802efd1b9904ca |
| apache-log4j1.2_1.2.17.orig.tar.gz | 539.1 KiB | f293c2b8cb5a68c43b8c83a41891d3ef667841c2abc4dcfb172292a49eb5336f |
| apache-log4j1.2_1.2.17-8+deb10u2.debian.tar.xz | 26.5 KiB | 2020d64ea272c5bedc8bada4cd936d4df803fa17117a372def73f2b807ea788d |
No changes file available.
