libthumbnailator-java_0.4.15-1_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 19 Dec 2021 00:49:44 +0100
Source: libthumbnailator-java
Architecture: source
Version: 0.4.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Changes:
 libthumbnailator-java (0.4.15-1) unstable; urgency=medium
 .
   * New upstream version 0.4.15.
Checksums-Sha1:
 c1c2e1170715c99a59004603eecdf30685f89e4c 2256 
libthumbnailator-java_0.4.15-1.dsc
 be8655c50853e957a71de1c38429601ecfb8e1ff 89524 
libthumbnailator-java_0.4.15.orig.tar.xz
 2cde1cd6d44195ac25bd9d2a8b51c1fcb87a35e6 2756 
libthumbnailator-java_0.4.15-1.debian.tar.xz
 176d4fa1df84e5b128998699902f1781abaebacb 12416 
libthumbnailator-java_0.4.15-1_amd64.buildinfo
Checksums-Sha256:
 609c75244c18b6b21e11f819cc74a768040f80623dc744b50c2b11f9d09e7301 2256 
libthumbnailator-java_0.4.15-1.dsc
 cbf2776324a92c590481af7631c27d2db00d9459ab32306307e3b641f17f7b82 89524 
libthumbnailator-java_0.4.15.orig.tar.xz
 0677625d57e3d587989826157fa956cff7efc7011afaf856c59553bb6a452a08 2756 
libthumbnailator-java_0.4.15-1.debian.tar.xz
 15b24c86f7d24ab8fcf8fbfe4782e6620938757e675340bff1b52a87981e8578 12416 
libthumbnailator-java_0.4.15-1_amd64.buildinfo
Files:
 c06c696446bdd33104fbe0764c834cea 2256 java optional 
libthumbnailator-java_0.4.15-1.dsc
 eb628bc91366587654e0d21f150af1a9 89524 java optional 
libthumbnailator-java_0.4.15.orig.tar.xz
 69c0fa3acda34b618961bd7b13f98ef9 2756 java optional 
libthumbnailator-java_0.4.15-1.debian.tar.xz
 c70a660d67f74e5e89b17227d2cf6647 12416 java optional 
libthumbnailator-java_0.4.15-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG+c9hfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkFK0QAIJRe4SsUwaA4oEl8PuZpLwOyvGHhpuqlb2R
DIkVTA9yKR3dIFDaSsX3wlMRSsTAdg5S1NksCO/G8XgMRJw9cuXT16+1IW0z3tbC
biiyXJ5PO2akCnZOKYKZx55YN/mMNSJKENbA/IMJdPXvL9AemD+il6t20RCT8Is8
gdFLYmSjaY5VX1LoiOVC8UGQ1EqjehqCOZlnQ7iUOO4TBajVCpQ1YvNtanEJiRgi
dZ/AQHpx3Nkf5stxXB6Id8hH8R3EbfyLOu+yIY0g8A8B7BobQEG4nhFYMQpkHmKV
GHVpw6o5M3AQasYTKw/xMzrlJzrH8UK3J9SukuMpioMBznR9SQOCt4GrRLsMfBTx
zpJJOUGvJIZUwqiNN4L6hyF0dTzYgdQoe98orebEXCuGBhjHOl+72Df1pwomKabV
itMR5G7Z/OrkAcipb5TcTFvInv1PkZuz88ZtuNClTE4I7P200/nK/6wrd5QC+tGL
i4krYUNYbk+6dkSQjjpqu4pnLW03K2vzFoEdwQxKEoRs6i1Gc1ghkeVeehMoR+5z
f8YWkgA0Qy8+CQHs2Kt5NsC7OjuwJVKMpgxECvtsXOYp2hhwNSD4EDIYJIg0IeQG
zcOF77EEwCDy54aubq9dwu2fK20e2Ljc5uGssIbeTKhVTgnfMpX6ZwWqQLByEecn
q2vCb1yY
=roQS
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of libthumbnailator-java_0.4.15-1_source.changes

[Debian FTP Masters]

libthumbnailator-java_0.4.15-1_source.changes uploaded successfully to localhost
along with the files:
  libthumbnailator-java_0.4.15-1.dsc
  libthumbnailator-java_0.4.15.orig.tar.xz
  libthumbnailator-java_0.4.15-1.debian.tar.xz
  libthumbnailator-java_0.4.15-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

undertow_2.2.14-1_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 19 Dec 2021 00:28:22 +0100
Source: undertow
Architecture: source
Version: 2.2.14-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Changes:
 undertow (2.2.14-1) unstable; urgency=medium
 .
   * New upstream version 2.2.14.
Checksums-Sha1:
 5c047c78f19db496efdcd4767b41fcd9a9b22cd1 2790 undertow_2.2.14-1.dsc
 0edbbbafa11959c0fe25f0e9937fe6c6cc5c3f69 1304244 undertow_2.2.14.orig.tar.gz
 f0c8d0e54d3b53b8f26191b664465a179e20b4d5 7948 undertow_2.2.14-1.debian.tar.xz
 efb048a4df538907719c81eebaa817ca7497b5cd 15028 
undertow_2.2.14-1_amd64.buildinfo
Checksums-Sha256:
 0ec2de44827b02317428fa06f352bb36f7c91be42257bcbfdd224da589ab59c9 2790 
undertow_2.2.14-1.dsc
 637ae5ddda241b43b07b9cf044aefce0b3868c950ede852f6016592848b1b10e 1304244 
undertow_2.2.14.orig.tar.gz
 17b8a375c9c307531f2fdd96b0c6df81ec24f592e4f780f385cc553724cc30cf 7948 
undertow_2.2.14-1.debian.tar.xz
 2c25c0e05d57dc0ba7d8e6a00aacd1f86471b576d75d9a32f31137255d24ddc7 15028 
undertow_2.2.14-1_amd64.buildinfo
Files:
 699a09c0ae094e74db4d5acdb426d385 2790 java optional undertow_2.2.14-1.dsc
 0a37611a8aa2e5ffc29fae4049669bcd 1304244 java optional 
undertow_2.2.14.orig.tar.gz
 68291d9a5551a804eede1f296ba77a53 7948 java optional 
undertow_2.2.14-1.debian.tar.xz
 52badf722292e20ddb3984bb9e0e07fc 15028 java optional 
undertow_2.2.14-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG+b+NfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkaK4P/RczPmvflTewot+euTduPedaXnlEitpvqz24
7r7CggFzsndIryzyLrqB6THdtsYxhBPtlqLJp3Cc6Vd6FGBAiPzbf45LLhywDQbd
pMr8yBBt16s9JsdRpVQ0kGZdR/127QjkF/9JLa5v5m2WU43NFgSjLE+8RYzXbk7H
Hk8Xs0r/2ilTSdQgvYrSx9T6XPWZD0NbgnrJWdbaO0IM+FyILX6ibO7L37qd+Nxu
1U4UjOpAqMutiLhKGkZTbsXANNvovU75qjiVRvV7tnTFnkdSZh2u3dK0Xr5X4QZf
LvpdsZAybq8MnEbGPmCXnsubAeNAMUppnJ/36WxzRecB+zs/7d0QTtkclBr89nTI
YecqlikkPX2E72A5PPw4oC5oVzfH1gvZmsxbtiNMe+xpQFLiUVdrVdVHI68IdAOj
M3hOl0LICd4pPIUqhxQWpAAQPYP54Kj2gUnVinbtzN7Edh+I670eKmTE92DDdopp
+uVqxiq6ZPQWqEJvTnzNBZnzX3bCb3custqPeZ78qEGHZEgFxP42+8XA5yl25Oht
AuLSxwLJ3PVi2X66xuXmK71OOEZsKk2WV9N86Ubh9IOifEssDTVtNnOzTpOru2Ds
iDzHyJAarxVkSeqPH2a5Zbil8N/Tt87R7zLgzFBFtLy8fdvZwBFEVUU6jzCUlRbT
YFI+Mx7O
=jJ42
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

libpdfbox2-java_2.0.25-1_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Dec 2021 23:55:44 +0100
Source: libpdfbox2-java
Architecture: source
Version: 2.0.25-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Changes:
 libpdfbox2-java (2.0.25-1) unstable; urgency=medium
 .
   * New upstream version 2.0.25.
Checksums-Sha1:
 b07a79d96b012ab343caccbe6eb8c2f6e0a2a7a9 2578 libpdfbox2-java_2.0.25-1.dsc
 a416c0c0d0fc0de5fe784641919d5f5cc0a53aad 10096024 
libpdfbox2-java_2.0.25.orig.tar.xz
 639ccbcbdc9ec549524b8239e03b285b3e3e03aa 10360 
libpdfbox2-java_2.0.25-1.debian.tar.xz
 e5742b02a77b4e8ef487c349e84dd2b5dda1c409 16146 
libpdfbox2-java_2.0.25-1_amd64.buildinfo
Checksums-Sha256:
 097ade78ab807db873da8fe2b1b3a708ce63a47421699b001bcc478b36374414 2578 
libpdfbox2-java_2.0.25-1.dsc
 1f5ccad974cefafaa13cdff7c2cea5e511171b6ec8e170130e8667f43dbff4a2 10096024 
libpdfbox2-java_2.0.25.orig.tar.xz
 23d07941d9a739bab4ae82c49937720c8a47cd392d921869a0aff747d43a 10360 
libpdfbox2-java_2.0.25-1.debian.tar.xz
 08224a5619527357d0d2961ccdc13cee6642af38f6c739c84394f22ebf23b2a3 16146 
libpdfbox2-java_2.0.25-1_amd64.buildinfo
Files:
 1fb8c272fcdb938d989be895891d9320 2578 java optional 
libpdfbox2-java_2.0.25-1.dsc
 49599dc29a2b13c5a8a60f013a6ca8f6 10096024 java optional 
libpdfbox2-java_2.0.25.orig.tar.xz
 1e45db038b1f1722e0d9359cbc8cbe15 10360 java optional 
libpdfbox2-java_2.0.25-1.debian.tar.xz
 318386ae9675903a1f35afb9603cb632 16146 java optional 
libpdfbox2-java_2.0.25-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG+bcZfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkny8P/1rmQFPszYaDOVC8Oe6yCqTh74JmTrBtUN/a
+7kXc4eKA3FkfFLfbkM4BkhF4ZKdfw2I6QmUNCrl6lSJH2S4jFcQU1s+LdGxLNoh
JMDVq/wSDHvwvh3x98SOBTfIojYgulBIkfqf17NXUXjH5IZtUDn7my36glcvdJG6
H+dnUqFScBdoJh7YZzrThhj2h1jH8shFOLOYVvjRIQpCSctQb7tGRqzQdDpMjW3h
kGPQtVwstBAjn6GU3HLgxULXEC8Di28okz4prSGS85G85uq9wExgT1MwN1UecJfb
f4vo9h5ZWs429DtsTjgAXkyp6iHTfn8qwyzSWeiQyqz7K3Cxt7OUGdCKeRRzrYMa
4afbP/eUt/nE6Y28Mf0pxLpCu+cYebXdc381C8ENVIBTpiYNTNE0UTEQ9aOBocOM
FEvoTbJoTJWlI5f+KdcZa83Wy5E/qSdXMbeggbNheKfEVAWs7L7LAtO2aIIUUd8z
hiqNpreA9WI6vkWmINdR1EpsYskcMQ+/K5TjVhABU6VqP9X3ztv/t9Sm5SUtIX53
AowDv/ybXSOwQw+vSyWkbeSIgwTR0h3dR9OuC44fTKgxC6Um2LHxctiHELUaA/5M
Y+i7PFECCjqz1U/wdchVNFz46zQhYJaCj6lXRU/X/ker16k9Kg+byo1hRCwGuqKN
+0Cv4pVE
=NKRI
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of undertow_2.2.14-1_source.changes

[Debian FTP Masters]

undertow_2.2.14-1_source.changes uploaded successfully to localhost
along with the files:
  undertow_2.2.14-1.dsc
  undertow_2.2.14.orig.tar.gz
  undertow_2.2.14-1.debian.tar.xz
  undertow_2.2.14-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of libpdfbox2-java_2.0.25-1_source.changes

[Debian FTP Masters]

libpdfbox2-java_2.0.25-1_source.changes uploaded successfully to localhost
along with the files:
  libpdfbox2-java_2.0.25-1.dsc
  libpdfbox2-java_2.0.25.orig.tar.xz
  libpdfbox2-java_2.0.25-1.debian.tar.xz
  libpdfbox2-java_2.0.25-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

apache-log4j2_2.17.0-1~deb11u1_source.changes ACCEPTED into proposed-updates->stable-new

[Debian FTP Masters]

Mapping stable-security to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Dec 2021 18:56:50 +0100
Source: apache-log4j2
Architecture: source
Version: 2.17.0-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Closes: 1001891
Changes:
 apache-log4j2 (2.17.0-1~deb11u1) bullseye-security; urgency=high
 .
   * Team upload.
   * Backport 2.17.0-1 to Bullseye and fix CVE-2021-45105. (Closes: #1001891)
Checksums-Sha1:
 026d1a7469d4d5fb37bc9031d991b44f52522b3a 3051 
apache-log4j2_2.17.0-1~deb11u1.dsc
 24838ff3852d4043c5337b090c501698360eef85 1287192 
apache-log4j2_2.17.0.orig.tar.xz
 876428e96c9bfecac9b76dfee1f57f4bc5e544f8 7564 
apache-log4j2_2.17.0-1~deb11u1.debian.tar.xz
 348d456fe818f6beac4bf1963b25a6fa762ab8c4 9100 
apache-log4j2_2.17.0-1~deb11u1_source.buildinfo
Checksums-Sha256:
 4afa0d50e693eb0c60ede6052528a798a37b7209526c3856ab4c1837f5027efb 3051 
apache-log4j2_2.17.0-1~deb11u1.dsc
 7c9a8976f9672bf7cc31ded21b2dddc5f6a3cee4621e53dfe5aab65ef82eae24 1287192 
apache-log4j2_2.17.0.orig.tar.xz
 8d0b0af89cac538a4c85bdc39711fdef5798fcead2e6ec42ed1e176836178c41 7564 
apache-log4j2_2.17.0-1~deb11u1.debian.tar.xz
 4e1a5e06ecd248b14d9b6dc84102e26cef56c91fb06f325f507e04f21806ce2e 9100 
apache-log4j2_2.17.0-1~deb11u1_source.buildinfo
Files:
 486b82d4d84e40f250e57873acc414b2 3051 java optional 
apache-log4j2_2.17.0-1~deb11u1.dsc
 61eb8d0690bb3f95ec55ec6eeb0c27ad 1287192 java optional 
apache-log4j2_2.17.0.orig.tar.xz
 58e0d1bb062eaec512da71103ce12061 7564 java optional 
apache-log4j2_2.17.0-1~deb11u1.debian.tar.xz
 adacc9b395dad8aca487355f08807acd 9100 java optional 
apache-log4j2_2.17.0-1~deb11u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG+IrlfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkDQ0QALnD5sMYONW2/oicV66baO1ifPbzPFa/CkB+
mV6ma55byP4n5w9aapK4ewtcyy8t8oyLLw351LaK+bAn/bPld9WQUrKjgNG6zp08
ecVP3PcyjKZxVoxJ295XEIPS2t5UOiJSenwdDrPuwsyvixBFeT6qKfdKxnnFwAh4
hsACHSbJpZ50LUkjBPtx5jlt+ZdCC4uuXPbsgmLe1hLKd6+vjqwP3/1FcuorQNOl
crpp8AvzZ2/u/5F4qCUOhrjoHqKmSd4+M1CkG3aD28xgY4hXqGFebgLnG8XoQZQN
u39Df1CRVOBRJ0c85yN+vstHU885ZDPF3gvHqd8hRCkR0H6v4V/56UfIXOFPIVqS
cRiigzw/LFJ6E+z18yJkJhKmQ/rhKbvRJ6wdVzOgjs1xTS6BtVElMQ5/RcDGQfyT
U2C3WinWSzkzR8ihCfKThcSvcXR7AnQV+L+K7uYhATxEAIW3NCrzQtdbms/9LfHi
LF7nS8c+CRV1H1RMHgpvT/PCTcJ2m5R5wI2ohLdfEmbEeLTHAVWJEFSNwBT0q+uI
cdF3KsSghQ8JLxWZ+duC9RDBx1486jI79tboAhIM40+mJI8WFXN0abtsvA3uV9DR
eLvlw10sSPJ0W6HIuQlk26XPS1Pc4HAuzh+mpHdnWFdet4hBvtZFvoVXPjRWpPDL
DFl+Itqb
=E/un
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

apache-log4j2_2.17.0-1~deb10u1_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

[Debian FTP Masters]

Mapping oldstable-security to oldstable-proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Dec 2021 18:56:50 +0100
Source: apache-log4j2
Architecture: source
Version: 2.17.0-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Closes: 1001891
Changes:
 apache-log4j2 (2.17.0-1~deb10u1) buster-security; urgency=high
 .
   * Team upload.
   * Backport 2.17.0-1 to Buster and fix CVE-2021-45105. (Closes: #1001891)
Checksums-Sha1:
 ef2cccea66706c57b1eea11666d33d2e8d85c2d8 3051 
apache-log4j2_2.17.0-1~deb10u1.dsc
 3e30a7df5fbc008fa2f6a76bae93ab931b448e46 7604 
apache-log4j2_2.17.0-1~deb10u1.debian.tar.xz
 e935dbc10e2dc41903a60e6869c505979614adbb 9100 
apache-log4j2_2.17.0-1~deb10u1_source.buildinfo
Checksums-Sha256:
 ba6fd209c90d14fdd59faab4b2880d85dafb4800fe02255241f85e474c1582b7 3051 
apache-log4j2_2.17.0-1~deb10u1.dsc
 e4ad92fe72860a927d5051fcad98d70e3a85d3ee464a294afa6d3dc33da100a6 7604 
apache-log4j2_2.17.0-1~deb10u1.debian.tar.xz
 753737cb6e54eeb23fb342855295315b21eb3f2de6529d38f2df7614896c9731 9100 
apache-log4j2_2.17.0-1~deb10u1_source.buildinfo
Files:
 e852828d4d5d758d7bbc6b8dc7192589 3051 java optional 
apache-log4j2_2.17.0-1~deb10u1.dsc
 92bfde475cfc0787a34a472c1fb72472 7604 java optional 
apache-log4j2_2.17.0-1~deb10u1.debian.tar.xz
 d4d58bc973af0dc5ec0070c2e4721736 9100 java optional 
apache-log4j2_2.17.0-1~deb10u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG+KZZfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkhCsQAK2DJPM9yN4ToISiCv+MJg9GiyGROGhBhwGh
WWYX1Ar2qOs55pQmADsuP8GZisU2lvaE90a9mV6tL5FSwuGrRxw/fX1SnDRDPtv4
1puIGS7N8CSG/tO/W5IMZfH47QCmzcTzqNjyvc4qRMqTaYvXxYfMnyqllavWg3S5
t8ze/2gIc9kAEkqIMAmKsDDKY2uxjLQjRqNW0j/EAeqIg/GKyYxt0RldIWQsEPwg
CMgQFgwScm9xFo8w+Lveh7F09mixyQ+Sy3FtM8TNiOZSdLFzZaivf+0/XhJNOxuo
bM62oTBLNXlYhgPzGQv26xzHTxx1gPmhU0HS0T7jG3YkhswsTgqV7YslP4ms82gB
q5WDvXDYeRo8ip1Ajjrx1zkiePJNDiOkkFbWECd2B0b3cwhon7LsYTAJTsQ0lPgW
gal7rK+GRG+uRayFf6kNW7xpLHg50bdHChgTji460asblnwWuPRnEAj/4iKb5Ije
z29DHaSbeK8cAwpLK56StfOcFsokcLkHwCtQgD4h8riT4XX1AN0hQirj51lvZ33f
S6BnS5uMx0YKZyWu1GnoXMhW9aHEd8/JQNulMNmd8xpeBLySOwWgkfR4AWhJiCdA
Wl2ndmBTuPoing8RCNV/eofCO36v9E9zdeqoblcISB+VnVwbn27/LEDUmjLqA3Xe
02n/EGqr
=rMEi
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1001891: marked as done (apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursion)

[Debian Bug Tracking System]

Your message dated Sat, 18 Dec 2021 18:18:44 +
with message-id 
and subject line Bug#1001891: fixed in apache-log4j2 2.17.0-1
has caused the Debian Bug report #1001891,
regarding apache-log4j2: CVE-2021-45105: Certain strings can cause infinite 
recursion
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1001891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001891
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache-log4j2
Version: 2.16.0-1
Severity: grave
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 2.16.0-1~deb11u1
Control: found -1 2.16.0-1~deb10u1

Hi,

The following vulnerability was published for apache-log4j2, again
less stronger impact.

CVE-2021-45105[0]:
| Certain strings can cause infinite recursion

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
[1] https://issues.apache.org/jira/browse/LOG4J2-3230
[2] https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: apache-log4j2
Source-Version: 2.17.0-1
Done: Markus Koschany 

We believe that the bug you reported is fixed in the latest version of
apache-log4j2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1001...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated apache-log4j2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Dec 2021 17:09:22 +0100
Source: apache-log4j2
Architecture: source
Version: 2.17.0-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Closes: 1001891
Changes:
 apache-log4j2 (2.17.0-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version 2.17.0.
 - Fix CVE-2021-45105:
   Apache Log4j2 did not protect from uncontrolled recursion from
   self-referential lookups. When the logging configuration uses a
   non-default Pattern Layout with a Context Lookup (for example,
   $${ctx:loginId}), attackers with control over Thread Context Map (MDC)
   input data can craft malicious input data that contains a recursive
   lookup, resulting in a denial of service. (Closes: #1001891)
   Thanks to Salvatore Bonaccorso for the report.
Checksums-Sha1:
 0d171b8f17b5283c1256f1057434ec549c48f180 3019 apache-log4j2_2.17.0-1.dsc
 24838ff3852d4043c5337b090c501698360eef85 1287192 
apache-log4j2_2.17.0.orig.tar.xz
 1be40de7bb76e481450500ac0e0cecae49d6f5c7 7512 
apache-log4j2_2.17.0-1.debian.tar.xz
 b328759a2b88bf9b61cca1d9653a4266efccf5b5 14605 
apache-log4j2_2.17.0-1_amd64.buildinfo
Checksums-Sha256:
 44e3a04ac63579338c8e9b5c59850898e76a307bcf8271303447afa62c197f81 3019 
apache-log4j2_2.17.0-1.dsc
 7c9a8976f9672bf7cc31ded21b2dddc5f6a3cee4621e53dfe5aab65ef82eae24 1287192 
apache-log4j2_2.17.0.orig.tar.xz
 54b041799a600845d65c97ecf35e41c4129b5dbfee68f9cd96b1b1d60b49e615 7512 
apache-log4j2_2.17.0-1.debian.tar.xz
 1667ee35ec38a88d8f061b75f90310c2c30f3508d807fd4049c0b2c3371ba69b 14605 
apache-log4j2_2.17.0-1_amd64.buildinfo
Files:
 6d558abdcd0854507226750b2f16efa4 3019 java optional apache-log4j2_2.17.0-1.dsc
 61eb8d0690bb3f95ec55ec6eeb0c27ad 1287192 java optional 
apache-log4j2_2.17.0.orig.tar.xz
 05b20bec8c21bb309cfb96cf062649d5 7512 java optional 
apache-log4j2_2.17.0-1.debian.tar.xz
 b5c3c482cc77bd84bf57fcb14b8b063c 14605 java optional 
apache-log4j2_2.17.0-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG+IBRfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkyoMP/1VnBa1nsnwiKM4datS0eeVuo9+vaBp9rDI+
YjwCB9FH78d6vD6OgS3pnb8yRhOR1Q57BX4qRx3D4r8M3Cqy5ouQLhuCXWMnFwAh

apache-log4j2_2.17.0-1_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Dec 2021 17:09:22 +0100
Source: apache-log4j2
Architecture: source
Version: 2.17.0-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Closes: 1001891
Changes:
 apache-log4j2 (2.17.0-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version 2.17.0.
 - Fix CVE-2021-45105:
   Apache Log4j2 did not protect from uncontrolled recursion from
   self-referential lookups. When the logging configuration uses a
   non-default Pattern Layout with a Context Lookup (for example,
   $${ctx:loginId}), attackers with control over Thread Context Map (MDC)
   input data can craft malicious input data that contains a recursive
   lookup, resulting in a denial of service. (Closes: #1001891)
   Thanks to Salvatore Bonaccorso for the report.
Checksums-Sha1:
 0d171b8f17b5283c1256f1057434ec549c48f180 3019 apache-log4j2_2.17.0-1.dsc
 24838ff3852d4043c5337b090c501698360eef85 1287192 
apache-log4j2_2.17.0.orig.tar.xz
 1be40de7bb76e481450500ac0e0cecae49d6f5c7 7512 
apache-log4j2_2.17.0-1.debian.tar.xz
 b328759a2b88bf9b61cca1d9653a4266efccf5b5 14605 
apache-log4j2_2.17.0-1_amd64.buildinfo
Checksums-Sha256:
 44e3a04ac63579338c8e9b5c59850898e76a307bcf8271303447afa62c197f81 3019 
apache-log4j2_2.17.0-1.dsc
 7c9a8976f9672bf7cc31ded21b2dddc5f6a3cee4621e53dfe5aab65ef82eae24 1287192 
apache-log4j2_2.17.0.orig.tar.xz
 54b041799a600845d65c97ecf35e41c4129b5dbfee68f9cd96b1b1d60b49e615 7512 
apache-log4j2_2.17.0-1.debian.tar.xz
 1667ee35ec38a88d8f061b75f90310c2c30f3508d807fd4049c0b2c3371ba69b 14605 
apache-log4j2_2.17.0-1_amd64.buildinfo
Files:
 6d558abdcd0854507226750b2f16efa4 3019 java optional apache-log4j2_2.17.0-1.dsc
 61eb8d0690bb3f95ec55ec6eeb0c27ad 1287192 java optional 
apache-log4j2_2.17.0.orig.tar.xz
 05b20bec8c21bb309cfb96cf062649d5 7512 java optional 
apache-log4j2_2.17.0-1.debian.tar.xz
 b5c3c482cc77bd84bf57fcb14b8b063c 14605 java optional 
apache-log4j2_2.17.0-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG+IBRfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkyoMP/1VnBa1nsnwiKM4datS0eeVuo9+vaBp9rDI+
YjwCB9FH78d6vD6OgS3pnb8yRhOR1Q57BX4qRx3D4r8M3Cqy5ouQLhuCXWMnFwAh
aDm+Wd+eOp3kWFr7HGjLXmaAAf4F3Jx6NULCO/DIVS4dYgX910vlh1Y540/uVAPS
1Kr+H6yyTwOFhOh37IOcCiFEt4QTPv4wxNxIeKVq3DqWAwVUnH2KNEAzOw2AoeQE
7oiyFKXwEDdYVLLSTpcMUpRdEU7kSKOf/kku6I1N8B2SWSns8B0sKPST9uT26aUV
KZ5XyWm/uazAAEcmt1ngsqBbBEuBKUOFCdPg206DmgSEpg2WtlZyDDw1HfCkGn3u
nqvqRe0kHogZ745tr4WebiHQAtABS7icaDMgXGrmFxfPOorRhFBjmAorx5fOi666
i7eoN+pdsJx3WV0znRMK4hlD7F7e5mCCxlguyxqQT6EMMu2WIe5257GrCQ3BOmyy
mbTnhbgJqDwru+Zwkw+98DrF1bYfMb1xvEf/j5f/XZCsR7BXROFozTL7yHc5G+wO
8C1KRlqs9Zq62A+P/DtVa2OItc5WcL5AKud24gOzd8aV9acYHDpVLanWWt+GoBV+
iSgsTJJ3IXPSOl9YYqNHF0fbdSUO+uVpWLNB3gEEAqlJyZ6b3THb+rgVadNYReTp
LcS0i7sz
=5t+i
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of apache-log4j2_2.17.0-1_source.changes

[Debian FTP Masters]

apache-log4j2_2.17.0-1_source.changes uploaded successfully to localhost
along with the files:
  apache-log4j2_2.17.0-1.dsc
  apache-log4j2_2.17.0.orig.tar.xz
  apache-log4j2_2.17.0-1.debian.tar.xz
  apache-log4j2_2.17.0-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1001891: apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursion

[Salvatore Bonaccorso]

Hi!

On Sat, Dec 18, 2021 at 03:30:16PM +0100, Markus Koschany wrote:
> Control: owner -1 !
> 
> Am Samstag, dem 18.12.2021 um 14:37 +0100 schrieb Salvatore Bonaccorso:
> > Source: apache-log4j2
> > Version: 2.16.0-1
> > Severity: grave
> > Tags: security upstream
> > Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team
> > 
> > Control: found -1 2.16.0-1~deb11u1
> > Control: found -1 2.16.0-1~deb10u1
> > 
> > Hi,
> > 
> > The following vulnerability was published for apache-log4j2, again
> > less stronger impact.
> > 
> > CVE-2021-45105[0]:
> > > Certain strings can cause infinite recursion
> > 
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> Thanks for the report. I hope we are not going to see a new log4j CVE every
> week now...
> 
> I can prepare the security update for Buster and Bullseye again.

Thanks! I hope and expect it will calm down again around log4j2. Many
people are now looking at it, so it's good issues are found and are
resolved.

Regards,
Salvatore

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

jtreg_5.1-b01-2~deb10u1_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

[Debian FTP Masters]

Mapping buster to oldstable.
Mapping oldstable to oldstable-proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 19 Nov 2021 16:26:05 +
Source: jtreg
Architecture: source
Version: 5.1-b01-2~deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Moritz Muehlenhoff 
Changes:
 jtreg (5.1-b01-2~deb10u1) buster; urgency=medium
 .
   * Rebuild for buster, needed for latest OpenJDK 11.x release
 - Switch to debhelper 12
Checksums-Sha1:
 e15434d25932867b2b82e01a7bbf49c493c03a5f 2033 jtreg_5.1-b01-2~deb10u1.dsc
 d48b5c5c9c267164c364b1bef68424129c734c41 6324 
jtreg_5.1-b01-2~deb10u1.debian.tar.xz
 d15624db68ed866f2d8bf4c8741e1b5fe5b2d794 11382 
jtreg_5.1-b01-2~deb10u1_amd64.buildinfo
Checksums-Sha256:
 c0b79c1f36c65b1e2ca17e332563cd5e6277d6421b16d4bc2de9b18fc384dbf6 2033 
jtreg_5.1-b01-2~deb10u1.dsc
 a9fa7ab8b9d0b0f8577e71b9822c623fd2e05cb64129def194755f198029f926 6324 
jtreg_5.1-b01-2~deb10u1.debian.tar.xz
 9d761c777aa2d9948bf2dc1e58d0bc749b09e201f5ba4f314b129cf106a22cf8 11382 
jtreg_5.1-b01-2~deb10u1_amd64.buildinfo
Files:
 fdc4f7abbe57f09af85292dad7373391 2033 java optional jtreg_5.1-b01-2~deb10u1.dsc
 0f9b6bcbbc9ddc03f47032b3132dcd50 6324 java optional 
jtreg_5.1-b01-2~deb10u1.debian.tar.xz
 8377e62f3d91d29ed3201a539ffea565 11382 java optional 
jtreg_5.1-b01-2~deb10u1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmG96zAACgkQEMKTtsN8
TjaYXQ//QfKs5hzPmb1DU8c0V0M/RLMMLlCaanHWn0jkurDLvTUps9NmQQxI76nC
T56/DVTMfNI64B/seFSbUoYLyoFYSX/tvkXzVTfdWrc0VYjqu2FIRnnhfkMpzIT/
HPvNatJhfUB2tuZhO9LscuR1CcOdhEy8KNo6AotbOw24SRlw+LPoTlQ/x23RlvuH
CngymyPT8bGhGjuMWPVqjcZr+dcCRyExJaJhXw1s1jf49QqRveifWKFNMqk7BaXF
warxSucTKtCfj1BYWe3Datpf/Zrm7RBxM8URBVu++jwohnJa7gBGkAugc5/ziou7
sAgGAVVfOFkX/rn6AAQXPcjSKc/5cwq6fGU42oemfMbSJsIatcQ2ffyn8eA3RoMw
6f9/2f1ZxzjYI6PEFJZ1rJ1YAJQZalqU3udjA2QkdvL5mSEWS2YxaPuvIB8yfpTg
POcN/XKSsraq4noNSHoF7xXT056IZKRyA595djMt08afZ6Y5Z8V+LS22fssjoJRC
I4Fw2h2yy1xqy8mn/VjAuuwQ/CwM4p6PLj1/jZ7et8iEo91jIxIlfHfJhQNnBzgs
0pSu42ZtVxEZywL6B7T8LjFZjUne2rw+cMcx+qKYcJqI2iMPIz4Ks0Ezrriq/kNy
MojYTFS2tMOvxTV4BdjJ4GehZEmvj0RLnXBrx46QmjgAIAiH1b4=
=gwFF
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1001891: apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursion

[Markus Koschany]

Control: owner -1 !

Am Samstag, dem 18.12.2021 um 14:37 +0100 schrieb Salvatore Bonaccorso:
> Source: apache-log4j2
> Version: 2.16.0-1
> Severity: grave
> Tags: security upstream
> Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
> 
> Control: found -1 2.16.0-1~deb11u1
> Control: found -1 2.16.0-1~deb10u1
> 
> Hi,
> 
> The following vulnerability was published for apache-log4j2, again
> less stronger impact.
> 
> CVE-2021-45105[0]:
> > Certain strings can cause infinite recursion
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Thanks for the report. I hope we are not going to see a new log4j CVE every
week now...

I can prepare the security update for Buster and Bullseye again.

Regards,

Markus


signature.asc
Description: This is a digitally signed message part
__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: Re: Bug#1001891: apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursion

[Debian Bug Tracking System]

Processing control commands:

> owner -1 !
Bug #1001891 [src:apache-log4j2] apache-log4j2: CVE-2021-45105: Certain strings 
can cause infinite recursion
Owner recorded as Markus Koschany .

-- 
1001891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001891
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processing of jtreg_5.1-b01-2~deb10u1_amd64.changes

[Debian FTP Masters]

jtreg_5.1-b01-2~deb10u1_amd64.changes uploaded successfully to localhost
along with the files:
  jtreg_5.1-b01-2~deb10u1.dsc
  jtreg_5.1-b01-2~deb10u1.debian.tar.xz
  jtreg_5.1-b01-2~deb10u1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#1001891: apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursion

[Salvatore Bonaccorso]

Source: apache-log4j2
Version: 2.16.0-1
Severity: grave
Tags: security upstream
Forwarded: https://issues.apache.org/jira/browse/LOG4J2-3230
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 2.16.0-1~deb11u1
Control: found -1 2.16.0-1~deb10u1

Hi,

The following vulnerability was published for apache-log4j2, again
less stronger impact.

CVE-2021-45105[0]:
| Certain strings can cause infinite recursion

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
[1] https://issues.apache.org/jira/browse/LOG4J2-3230
[2] https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105

Regards,
Salvatore

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Processed: apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursion

[Debian Bug Tracking System]

Processing control commands:

> found -1 2.16.0-1~deb11u1
Bug #1001891 [src:apache-log4j2] apache-log4j2: CVE-2021-45105: Certain strings 
can cause infinite recursion
Marked as found in versions apache-log4j2/2.16.0-1~deb11u1.
> found -1 2.16.0-1~deb10u1
Bug #1001891 [src:apache-log4j2] apache-log4j2: CVE-2021-45105: Certain strings 
can cause infinite recursion
Marked as found in versions apache-log4j2/2.16.0-1~deb10u1.

-- 
1001891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001891
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team
.
 Please use
debian-j...@lists.debian.org for discussions and questions.