-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 11 Jan 2020 23:06:27 +0100 Source: apache-log4j1.2 Architecture: source Version: 1.2.17-9 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Closes: 947124 Changes: apache-log4j1.2 (1.2.17-9) unstable; urgency=high . * Team upload. * Fix CVE-2019-17571. (Closes: #947124) Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. * Switch to debhelper-compat = 12. * Declare compliance with Debian Policy 4.4.1. * Use canonical VCS URI. Checksums-Sha1: 7509b3e1b006af179cb8fbe4f80e9c87702fcfc8 2456 apache-log4j1.2_1.2.17-9.dsc 473a6d296a4cb7d6a73a5dbea95aa9ef6615cf22 9892 apache-log4j1.2_1.2.17-9.debian.tar.xz c6137a1443683270b7a06a61e8337c46de1d125a 9175 apache-log4j1.2_1.2.17-9_amd64.buildinfo Checksums-Sha256: 94af9dc41077911b2a9f18cd01efe56996cfe5dcabaf8541e48718c0cddb9569 2456 apache-log4j1.2_1.2.17-9.dsc 303485eef0bc8c6c1de0b60e89aec879a34df74af74f2a136052c9c93c983363 9892 apache-log4j1.2_1.2.17-9.debian.tar.xz 69da4f0f1303822592f03e22badb875917c2e7b61eab97e817eb4463d2e6a012 9175 apache-log4j1.2_1.2.17-9_amd64.buildinfo Files: 5b207c7553c7131833d170819c11c22f 2456 java optional apache-log4j1.2_1.2.17-9.dsc df3445aecf28c89eaf78d5e6e20be69d 9892 java optional apache-log4j1.2_1.2.17-9.debian.tar.xz e2c0334016aa0217f7f0ba039e6ad53f 9175 java optional apache-log4j1.2_1.2.17-9_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4aR8tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk0RUP/RsT0dkqlimlZgvcUbCq8PalXEzqIi/nG5r5 Be9NbHAYvRWTK0dQ62LaEC6+NPfOaL5sQgIHXE+r0+QrU8O1seWMXNnSnUtPXEbP qxbL0lP2zSqIAnCWLuJctkhjD6xyc5kI+g8t2XWM7A/fp/UPvlaxCd3DttErtUa7 7A/B7twkHwrhx94z+ugIjHzdcmoje0Ii6PR2daawiSZWBfFuTVCrKdm6vZJpb+8E TZlxqI/uxSSEZaZ02zpwPJf5rCIpCkFyBT5200eDl5a5fSXTJIvhn+dVjOL7O1bZ +iDkDthK1anlaRjGgoANeWsJUSw+AuoBo5urnwGmG5vXjmSA2ni9weHha6pES6SK FVv+AuSKMcSlxhCModOjTNilOefre4h8omORMoXnKiR2Ez211OnaVYwEVmqnB427 FlIP5yqVlKO8JhvDgO+BdxGcdFoF7LgFl86UUF1dG3maO6tuJ04N4g+F1ynYUd+C UgEQv7YKoqbUGqnHj95I6HDrhbQoQN+4XXIDWOnIXWeCXalLw9TmvZGhMj8ugIGv sy3g8oYWUAIvgLBOEi6EnXv65LdymNwskg3VQlna3+lx+7NHPfxSN6QEs36zQqJI Tlnp9xZVBRhkCyGJTfJ3C35YxiiROM28cvCsYwb1IGpIZkugRFrzlwZfIIReryM8 7lP8eEVr =0orB -----END PGP SIGNATURE-----