: VCS matches the version in the archive
- Git: https://salsa.debian.org/java-team/apache-log4j1.2.git
- Branch: master
- Path: debian/changelog
- Browser: https://salsa.debian.org/java-team/apache-log4j1.2
- Last scan: 2020-08-01 05:11:07+00
- Next scan: 2020-08-06 23:52:00+00
- Debian changelog in Git:
apache-log4j1.2 (1.2.17-9) unstable; urgency=high
* Team upload.
* Fix CVE-2019-17571. (Closes: #947124)
Included in Log4j 1.2 is a SocketServer class that is vulnerable to
deserialization of untrusted data which can be exploited to remotely
execute arbitrary code when combined with a deserialization gadget when
listening to untrusted network traffic for log data.
* Switch to debhelper-compat = 12.
* Declare compliance with Debian Policy 4.4.1.
* Use canonical VCS URI.
-- Markus Koschany <email@example.com> Sat, 11 Jan 2020 23:06:27 +0100
- This branch is even with tag debian/1.2.17-9