Package: apache-log4j1.2 / 1.2.17-10+deb11u1

Metadata

Package Version Patches format
apache-log4j1.2 1.2.17-10+deb11u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
build_fix.patch | (download)

build.xml | 7 2 + 5 - 0 !
1 file changed, 2 insertions(+), 5 deletions(-)

 enables the compilation of the jmx classes and tweaks the javadoc.
remove activation framework dependency.patch | (download)

build.xml | 1 0 + 1 - 0 !
tests/build.xml | 2 0 + 2 - 0 !
2 files changed, 3 deletions(-)

 remove the dependency on the activation framework (integrated to java 6 and later)
add missing classes.patch | (download)

build.xml | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 add missing classes to jar
CVE 2019 17571.patch | (download)

src/main/java/org/apache/log4j/FilteredObjectInputStream.java | 65 65 + 0 - 0 !
src/main/java/org/apache/log4j/net/SocketNode.java | 17 15 + 2 - 0 !
2 files changed, 80 insertions(+), 2 deletions(-)

 cve-2019-17571

Bug-Debian: https://bugs.debian.org/947124
disable examples.patch | (download)

build.xml | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 no longer build the examples to avoid an error with openjdk 17
CVE 2022 23305.patch | (download)

src/main/java/org/apache/log4j/jdbc/JDBCAppender.java | 398 0 + 398 - 0 !
1 file changed, 398 deletions(-)

 cve-2022-23305

Bug-Debian: https://bugs.debian.org/1004482

This change mitigates the impact of CVE-2022-23305. Apache Log4j 1.2 has
reached end of life in August 2015. No further updates will be available.

CVE 2022 23302.patch | (download)

src/main/java/org/apache/log4j/net/JMSSink.java | 153 0 + 153 - 0 !
1 file changed, 153 deletions(-)

 cve-2022-23302

Bug-Debian: https://bugs.debian.org/1004482

This change mitigates the impact of CVE-2022-23302. Apache Log4j 1.2 has
reached end of life in August 2015. No further updates will be available.

CVE 2022 23307.patch | (download)

src/main/java/org/apache/log4j/chainsaw/ControlPanel.java | 222 0 + 222 - 0 !
src/main/java/org/apache/log4j/chainsaw/DetailPanel.java | 170 0 + 170 - 0 !
src/main/java/org/apache/log4j/chainsaw/EventDetails.java | 135 0 + 135 - 0 !
src/main/java/org/apache/log4j/chainsaw/ExitAction.java | 48 0 + 48 - 0 !
src/main/java/org/apache/log4j/chainsaw/LoadXMLAction.java | 139 0 + 139 - 0 !
src/main/java/org/apache/log4j/chainsaw/LoggingReceiver.java | 121 0 + 121 - 0 !
src/main/java/org/apache/log4j/chainsaw/Main.java | 192 0 + 192 - 0 !
src/main/java/org/apache/log4j/chainsaw/MyTableModel.java | 390 0 + 390 - 0 !
src/main/java/org/apache/log4j/chainsaw/XMLFileHandler.java | 170 0 + 170 - 0 !
src/main/java/org/apache/log4j/chainsaw/package.html | 118 0 + 118 - 0 !
10 files changed, 1705 deletions(-)

 cve-2022-23307

Bug-Debian: https://bugs.debian.org/1004482

This change mitigates the impact of CVE-2022-23307. Apache Log4j 1.2 has
reached end of life in August 2015. No further updates will be available.

CVE 2021 4104.patch | (download)

src/main/java/org/apache/log4j/net/JMSAppender.java | 444 0 + 444 - 0 !
1 file changed, 444 deletions(-)

 cve-2021-4104

Bug-Debian: https://bugs.debian.org/1004482

This change mitigates the impact of CVE-2021-4104. Apache Log4j 1.2 has
reached end of life in August 2015. No further updates will be available.