[ubuntu/bionic-updates] apache-log4j1.2 1.2.17-8+deb10u1ubuntu0.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Apr 4 20:58:19 UTC 2023
apache-log4j1.2 (1.2.17-8+deb10u1ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: Improper Neutralization
- debian/patches/CVE-2022-23302.patch: Replace lookup code.
- debian/patches/CVE-2022-23305.patch: Add flushBufferSecure and
JdbcPatternParser.
- debian/patches/CVE-2022-23307.patch: Add
HardenedLoggingEventInputStream, HardenedObjectInputStream, and
SocketAppenderTest.java
- CVE-2022-23302
- CVE-2022-23305
- CVE-2022-23307
Date: 2023-03-20 14:48:08.589038+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/apache-log4j1.2/1.2.17-8+deb10u1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list