Publishing details

Published on 2020-01-12
Copied from debian sid in Primary Archive for Debian GNU/Linux by Ubuntu Archive Auto-Sync (sponsored by Ubuntu Archive Robot)

Changelog

apache-log4j1.2 (1.2.17-9) unstable; urgency=high

  * Team upload.
  * Fix CVE-2019-17571. (Closes: #947124)
    Included in Log4j 1.2 is a SocketServer class that is vulnerable to
    deserialization of untrusted data which can be exploited to remotely
    execute arbitrary code when combined with a deserialization gadget when
    listening to untrusted network traffic for log data.
  * Switch to debhelper-compat = 12.
  * Declare compliance with Debian Policy 4.4.1.
  * Use canonical VCS URI.

 -- Markus Koschany <email address hidden>  Sat, 11 Jan 2020 23:06:27 +0100

Available diffs

diff from 1.2.17-8 to 1.2.17-9 (3.6 KiB)

Builds

amd64

Built packages

liblog4j1.2-java Logging library for java

liblog4j1.2-java-doc Documentation for liblog4j1.2-java

Package files

apache-log4j1.2_1.2.17-9.debian.tar.xz (9.7 KiB)
apache-log4j1.2_1.2.17-9.dsc (2.4 KiB)
apache-log4j1.2_1.2.17.orig.tar.gz (539.1 KiB)
liblog4j1.2-java-doc_1.2.17-9_all.deb (484.3 KiB)
liblog4j1.2-java_1.2.17-9_all.deb (424.8 KiB)