Format: 1.8
Date: Sat, 02 May 2020 16:38:32 +0200
Source: apache-log4j1.2
Binary: liblog4j1.2-java liblog4j1.2-java-doc
Architecture: source all
Version: 1.2.17-7+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 liblog4j1.2-java - Logging library for java
 liblog4j1.2-java-doc - Documentation for liblog4j1.2-java
Closes: 947124
Changes:
 apache-log4j1.2 (1.2.17-7+deb9u1) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2019-17571. (Closes: #947124)
     Included in Log4j 1.2 is a SocketServer class that is vulnerable to
     deserialization of untrusted data which can be exploited to remotely
     execute arbitrary code when combined with a deserialization gadget when
     listening to untrusted network traffic for log data.