package release.debian.org tags 1005374 = buster pending thanks Hi,
The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details ============== Package: apache-log4j1.2 Version: 1.2.17-8+deb10u2 Explanation: resolve security issues [CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307], by removing support for the JMSSink, JDBCAppender, JMSAppender and Apache Chainsaw modules
