apache-log4j1.2 1.2.17-8+deb10u1build0.18.04.1 source package in Ubuntu


apache-log4j1.2 (1.2.17-8+deb10u1build0.18.04.1) bionic-security; urgency=medium

  * fake sync from Debian

apache-log4j1.2 (1.2.17-8+deb10u1) buster-security; urgency=high

  * Team upload.
  * Fix CVE-2019-17571. (Closes: #947124)
    Included in Log4j 1.2 is a SocketServer class that is vulnerable to
    deserialization of untrusted data which can be exploited to remotely
    execute arbitrary code when combined with a deserialization gadget when
    listening to untrusted network traffic for log data.

 -- Paulo Flabiano Smorigo <email address hidden>  Mon, 14 Sep 2020 15:35:14 +0000

Upload details

Uploaded by:
Paulo Flabiano Smorigo on 2020-09-14
Uploaded to:
Original maintainer:
Debian Java Maintainers
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates on 2020-09-14 universe java
Bionic security on 2020-09-14 universe java


Bionic: [FULLYBUILT] amd64


File Size SHA-256 Checksum
apache-log4j1.2_1.2.17.orig.tar.gz 539.1 KiB f293c2b8cb5a68c43b8c83a41891d3ef667841c2abc4dcfb172292a49eb5336f
apache-log4j1.2_1.2.17-8+deb10u1build0.18.04.1.debian.tar.xz 9.7 KiB d840b4e892ddeaf0d688f745187f5898c88120874651e55c4452ba64c5d6f783
apache-log4j1.2_1.2.17-8+deb10u1build0.18.04.1.dsc 2.4 KiB e029f4dbbdaeaee61c0076db641c1738e0ecf3633fdde7e5d4fe18b494a3710b

View changes file

Binary packages built by this source

liblog4j1.2-java: Logging library for java

 log4j is a tool to help the programmer output log statements to a variety of
 output targets.
 It is possible to enable logging at runtime without modifying the application
 binary. The log4j package is designed so that log statements can remain in
 shipped code without incurring a high performance cost.
 One of the distinctive features of log4j is the notion of hierarchical
 loggers. Using loggers it is possible to selectively control which log
 statements are output at arbitrary granularity.
 Log4j can output to: a file, a rolling file, a database with a JDBC driver,
 many output asynchronously, a JMS Topic, a swing based logging console,
 the NT event log, /dev/null, a SMTP server (using javamail), a socket server,
 syslog, telnet daemon and stdout.
 The format of the output can be defined using one of the various layout
 (or user defined layout) like: simple text, html, date, pattern defined and

liblog4j1.2-java-doc: Documentation for liblog4j1.2-java

 The javadoc API documentation for the logging library
 from the Apache Jakarta project. The documentation is
 for the version 1.2 of the log4j API.