Format: 1.8
Date: Sat, 18 Dec 2021 17:09:22 +0100
Source: apache-log4j2
Architecture: source
Version: 2.17.0-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1001891
Changes:
 apache-log4j2 (2.17.0-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version 2.17.0.
     - Fix CVE-2021-45105:
       Apache Log4j2 did not protect from uncontrolled recursion from
       self-referential lookups. When the logging configuration uses a
       non-default Pattern Layout with a Context Lookup (for example,
       $${ctx:loginId}), attackers with control over Thread Context Map
       (MDC) input data can craft malicious input data that contains a
       recursive lookup, resulting in a denial of service.
       (Closes: #1001891)
       Thanks to Salvatore Bonaccorso for the report.
Checksums-Sha1:
 0d171b8f17b5283c1256f1057434ec549c48f180 3019 apache-log4j2_2.17.0-1.dsc
 24838ff3852d4043c5337b090c501698360eef85 1287192 apache-log4j2_2.17.0.orig.tar.xz
 1be40de7bb76e481450500ac0e0cecae49d6f5c7 7512 apache-log4j2_2.17.0-1.debian.tar.xz
 b328759a2b88bf9b61cca1d9653a4266efccf5b5 14605 apache-log4j2_2.17.0-1_amd64.buildinfo
Checksums-Sha256:
 44e3a04ac63579338c8e9b5c59850898e76a307bcf8271303447afa62c197f81 3019 apache-log4j2_2.17.0-1.dsc
 7c9a8976f9672bf7cc31ded21b2dddc5f6a3cee4621e53dfe5aab65ef82eae24 1287192 apache-log4j2_2.17.0.orig.tar.xz
 54b041799a600845d65c97ecf35e41c4129b5dbfee68f9cd96b1b1d60b49e615 7512 apache-log4j2_2.17.0-1.debian.tar.xz
 1667ee35ec38a88d8f061b75f90310c2c30f3508d807fd4049c0b2c3371ba69b 14605 apache-log4j2_2.17.0-1_amd64.buildinfo
Files:
 6d558abdcd0854507226750b2f16efa4 3019 java optional apache-log4j2_2.17.0-1.dsc
 61eb8d0690bb3f95ec55ec6eeb0c27ad 1287192 java optional apache-log4j2_2.17.0.orig.tar.xz
 05b20bec8c21bb309cfb96cf062649d5 7512 java optional apache-log4j2_2.17.0-1.debian.tar.xz
 b5c3c482cc77bd84bf57fcb14b8b063c 14605 java optional apache-log4j2_2.17.0-1_amd64.buildinfo