Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To:
Subject: Accepted apache-log4j2 2.15.0-1~deb10u1 (source) into oldstable->embargoed, oldstable
Date: Sat, 11 Dec 2021 19:00:37 +0000
Signed by: Markus Koschany <apo@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 11 Dec 2021 17:15:53 +0100
Source: apache-log4j2
Architecture: source
Version: 2.15.0-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 959450 1001478
Changes:
 apache-log4j2 (2.15.0-1~deb10u1) buster-security; urgency=high
 .
   * Team upload.
   * Backport version 2.15.0 to Buster and fix CVE-2021-44228.
     (Closes: #1001478)
   * Fix CVE-2020-9488:
     Improper validation of certificate with host mismatch in Apache Log4j SMTP
     appender. This could allow an SMTPS connection to be intercepted by a
     man-in-the-middle attack which could leak any log messages sent through
     that appender.
     (Closes: #959450)
Checksums-Sha1:
 ffb40479b8b219aab2a73fd1bbc4e12086d8578e 3051 apache-log4j2_2.15.0-1~deb10u1.dsc
 d4b0810508c362cfd489630533de78d4278341c6 7404 apache-log4j2_2.15.0-1~deb10u1.debian.tar.xz
 76bc8ef9d881c568ea515ccfbe831ce0a5cc0e8d 9100 apache-log4j2_2.15.0-1~deb10u1_source.buildinfo
Checksums-Sha256:
 123a9b731ae57091470152930bfec501ac1fd25f2af582666680ee6ea195063b 3051 apache-log4j2_2.15.0-1~deb10u1.dsc
 fee79ef1a0e7590fda7dc859ab02cfcce3537e5b7df6e8feab12e7d6727f9c79 7404 apache-log4j2_2.15.0-1~deb10u1.debian.tar.xz
 f2c3a3501311a39c42343a3812b1d2c6244d9c40ecd520a57c26cdd19cb530a3 9100 apache-log4j2_2.15.0-1~deb10u1_source.buildinfo
Files:
 0ac4a794ec7e15b7f7b4df3ff2b872cc 3051 java optional apache-log4j2_2.15.0-1~deb10u1.dsc
 4524ea50563045c06f5cd58fc4e452b5 7404 java optional apache-log4j2_2.15.0-1~deb10u1.debian.tar.xz
 7be615a7f5ca0aac35581187c7fbb831 9100 java optional apache-log4j2_2.15.0-1~deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG04AFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkPGgQALQGlSnYBY5KQdwZfVClItJkUD5AkQOrTfZA
5jjAp10b7p2eFVCc5+b3KLI1F64bwkWMHv3knEYWvxMVEudRo4viO1XzCeY+74tj
KXn7Zv3Gukr8knvOHC6l/GDlAumgR2J9BDaCDb/KFfNdhGBx743IuNt+2kVyT+fN
mtPvpvIzfsLE4b9k9bpbjYKdey5tcsuYXV/nHhm54JrwpALjyKFedA6jkwMVpulw
6kQPNdzjEb0wi8s2D21qAVK+Ab7IkrhZ79ikt4J7L6vFVmKuiX7NBDYY3k4g5GNF
ziG2X3qKyDW+ymVfphwFSP9VOA6cj7FIr3zqlQ+3w9WkRukp2ZD0O4FL6RMn3xEx
wbZ6I8ANNnlBnh6+GPMSfkgalf6di/8UbcU6BTnYzaQfZkQYOZFDvHDzVMOT0K/A
de2L3WXbwgTv9D5MgtQybCYmS/cdFNTpOkXf+Pu6B3SC++vFFon+XHFCcYZNE7zX
R4q8h3+aE5CHKyqIT6gx4DesCmjwVQMrjGxzwyOPVYMaZ+cqKt8Laomwn/AXNJog
GVGX4Nt/LTej9rAZioDxIrHMWtHbaub7WbCbGpK2VLWm7n29d+8G2Sh/NHlA7rs7
szpAPBrfgDYNL6vscJVBq+Xqik2br7jT9v5mdYLvb2CZb0LERQ/fWnQbK2mmyOKV
nNWGI0hq
=ngr2
-----END PGP SIGNATURE-----
News for package apache-log4j2
