[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted apache-log4j2 2.7-2+deb9u1 (source) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Dec 2021 02:17:57 +0100
Source: apache-log4j2
Architecture: source
Version: 2.7-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 apache-log4j2 (2.7-2+deb9u1) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2021-44228:
     Chen Zhaojun of Alibaba Cloud Security Team discovered that JNDI features
     used in configuration, log messages, and parameters do not protect
     against attacker controlled LDAP and other JNDI related endpoints. An
     attacker who can control log messages or log message parameters can
     execute arbitrary code loaded from LDAP servers when message lookup
     substitution is enabled.
Checksums-Sha1:
 ded2203a8ea2c7c284eb678ffc74187d49f64883 3040 apache-log4j2_2.7-2+deb9u1.dsc
 0cba98226e45d7eecf411ab391c8765180eb2d45 857800 apache-log4j2_2.7.orig.tar.xz
 3934ee630c65218f12e543440a4aa2995dbe7a79 9500 apache-log4j2_2.7-2+deb9u1.debian.tar.xz
 f4028bf964686f017abfbe6b4540c4a87e745a20 8396 apache-log4j2_2.7-2+deb9u1_source.buildinfo
Checksums-Sha256:
 b6ea1ce0bb87444eb7c98714a2867d239c2c04f204bbd1b9958353364436ad46 3040 apache-log4j2_2.7-2+deb9u1.dsc
 a18502b624769d24aa470c3cef134ec7d2f2578342d4afda552a457e88d1c177 857800 apache-log4j2_2.7.orig.tar.xz
 5e99f6ac3c1255e4bfcd49de918a687490d3ca30e157596fb16124bfc6cdd57f 9500 apache-log4j2_2.7-2+deb9u1.debian.tar.xz
 45d7c95561ebdba0271cc614c5f0813aa0ad5f6cc86a860ed8163a2563f093c1 8396 apache-log4j2_2.7-2+deb9u1_source.buildinfo
Files:
 f28dec97e92f76d12fa0913aaa51ab51 3040 java optional apache-log4j2_2.7-2+deb9u1.dsc
 537212527a309018ad3e2b0dca04ddc1 857800 java optional apache-log4j2_2.7.orig.tar.xz
 fc662fec5ef07404b3b5ca5281d583e4 9500 java optional apache-log4j2_2.7-2+deb9u1.debian.tar.xz
 76be0bac33f9eafbba2655662a2a6520 8396 java optional apache-log4j2_2.7-2+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG2A/VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkr4wP/2/XJY47Yq6CESbAYXh9m14HW4WdL1ovgGXk
y9ZpA6KE6fKjr9iZF6QZzNYjngaLpQw1oBdD3+STYM2cSfTHTD6fHCGLgV9+MMka
4WWaCu3/+BLE6K4S3wp51fzkb8yh4myJnkRnIdD0Fo4sOm6hqIG74AjfmcqszyqA
8nkbdGHackIUfFrcBYf8nRWh6NU4uYuH6k2+bzk/jLeErvyT46PH09igExMnwDY2
NRZb7wjpWdCTF+npCcLTD/O7Jxg8RmaPg8G+dn7VskqpTW8lMo2YotWL5Lbb2OBO
vxwoMj/Vx8kdc7hKsRdBsJqQGYlyfqhy/Web6KgjmxkWOGH5/WxOwHl+PxrCzTVK
lT7Vv8Ua5JNKVn0y0twFYuZ18mItzVHG3ZRxcHq7k6Cq8hgLq/G5ZkuPfIYVUlGX
m1Wqhd6QxgtV4RuSDWb8NHHlHkGfia5ASMB6DsYAOPLG5du9aTyoygsx+mv3c6IC
hW2O+Nq8HHzBsfh6kHj6EIjK12JHfxv6iYHRU+qvi9mkn4cdTfcCHjxYgER7BLvb
vaym7o0qu8faX8wu4n4xsjyXKb57OH8x/BsIp3R9M4Zh/FNA1+kSaAGPgQHOYqsh
D6aAv2L3rNLdNp7fof9IDGs1LVa6XMsDCWaIUMgX5QTSsuCFuEaJxPGnk5xi5n9/
QfN3yQ/7
=ShEh
-----END PGP SIGNATURE-----


Reply to: