Format: 1.8
Date: Sat, 02 May 2020 16:46:05 +0200
Source: apache-log4j1.2
Binary: liblog4j1.2-java liblog4j1.2-java-doc
Architecture: source all
Version: 1.2.17-8+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 liblog4j1.2-java - Logging library for java
 liblog4j1.2-java-doc - Documentation for liblog4j1.2-java
Closes: 947124
Changes:
 apache-log4j1.2 (1.2.17-8+deb10u1) buster-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2019-17571. (Closes: #947124)
     Included in Log4j 1.2 is a SocketServer class that is vulnerable to
     deserialization of untrusted data which can be exploited to remotely
     execute arbitrary code when combined with a deserialization gadget when
     listening to untrusted network traffic for log data.