Your message dated Fri, 24 Dec 2021 13:54:19 +0000
with message-id <e1n0l1x-0003hg...@fasolo.debian.org>
and subject line Bug#1001891: fixed in apache-log4j2 2.17.0-1~deb10u1
has caused the Debian Bug report #1001891,
regarding apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursion
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1001891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001891
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache-log4j2
Version: 2.16.0-1
Severity: grave
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2.16.0-1~deb11u1
Control: found -1 2.16.0-1~deb10u1

Hi,

The following vulnerability was published for apache-log4j2, again
with a less strong impact.

CVE-2021-45105[0]:
| Certain strings can cause infinite recursion

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45105
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
[1] https://issues.apache.org/jira/browse/LOG4J2-3230
[2] https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: apache-log4j2
Source-Version: 2.17.0-1~deb10u1
Done: Markus Koschany <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
apache-log4j2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1001...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated apache-log4j2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Dec 2021 18:56:50 +0100
Source: apache-log4j2
Architecture: source
Version: 2.17.0-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Closes: 1001891
Changes:
 apache-log4j2 (2.17.0-1~deb10u1) buster-security; urgency=high
 .
   * Team upload.
   * Backport 2.17.0-1 to Buster and fix CVE-2021-45105. (Closes: #1001891)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use debian-j...@lists.debian.org for discussions and questions.
