apache-log4j1.2 1.2.17-9 source package in Ubuntu

Changelog

apache-log4j1.2 (1.2.17-9) unstable; urgency=high

  * Team upload.
  * Fix CVE-2019-17571. (Closes: #947124)
    Included in Log4j 1.2 is a SocketServer class that is vulnerable to
    deserialization of untrusted data which can be exploited to remotely
    execute arbitrary code when combined with a deserialization gadget when
    listening to untrusted network traffic for log data.
  * Switch to debhelper-compat = 12.
  * Declare compliance with Debian Policy 4.4.1.
  * Use canonical VCS URI.

 -- Markus Koschany <email address hidden>  Sat, 11 Jan 2020 23:06:27 +0100

Upload details

Uploaded by:
Debian Java Maintainers
Uploaded to:
Sid
Original maintainer:
Debian Java Maintainers
Architectures:
all
Section:
java
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Focal release universe java

Builds

Focal: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
apache-log4j1.2_1.2.17-9.dsc 2.4 KiB 94af9dc41077911b2a9f18cd01efe56996cfe5dcabaf8541e48718c0cddb9569
apache-log4j1.2_1.2.17.orig.tar.gz 539.1 KiB f293c2b8cb5a68c43b8c83a41891d3ef667841c2abc4dcfb172292a49eb5336f
apache-log4j1.2_1.2.17-9.debian.tar.xz 9.7 KiB 303485eef0bc8c6c1de0b60e89aec879a34df74af74f2a136052c9c93c983363

Available diffs

No changes file available.

Binary packages built by this source

liblog4j1.2-java: No summary available for liblog4j1.2-java in ubuntu hirsute.

No description available for liblog4j1.2-java in ubuntu hirsute.

liblog4j1.2-java-doc: No summary available for liblog4j1.2-java-doc in ubuntu hirsute.

No description available for liblog4j1.2-java-doc in ubuntu hirsute.