Information on source package apache-log4j1.2

Available versions

ReleaseVersion
stretch1.2.17-7+deb9u1
stretch (security)1.2.17-7+deb9u2
buster1.2.17-8+deb10u2
buster (security)1.2.17-8+deb10u1
bullseye1.2.17-10+deb11u1
bookworm1.2.17-11
sid1.2.17-11

Resolved issues

BugDescription
CVE-2022-23307CVE-2020-9493 identified a deserialization issue that was present in A ...
CVE-2022-23305By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...
CVE-2022-23302JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...
CVE-2021-44228Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...
CVE-2021-4104JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...
CVE-2019-17571Included in Log4j 1.2 is a SocketServer class that is vulnerable to de ...

Security announcements

DSA / DLADescription
DLA-2905-1apache-log4j1.2 - security update
DSA-4686-1apache-log4j1.2 - security update
DLA-2065-1apache-log4j1.2 - security update

Search for package or bug name: Reporting problems