Package: apache-log4j1.2 | Debian Sources

Package: apache-log4j1.2 / 1.2.17-10+deb11u1

Metadata

Package	Version	Patches format
apache-log4j1.2	1.2.17-10+deb11u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
build_fix.patch \| (download)	build.xml \| 7 2 + 5 - 0 ! 1 file changed, 2 insertions(+), 5 deletions(-)	enables the compilation of the jmx classes and tweaks the javadoc.
remove activation framework dependency.patch \| (download)	build.xml \| 1 0 + 1 - 0 ! tests/build.xml \| 2 0 + 2 - 0 ! 2 files changed, 3 deletions(-)	remove the dependency on the activation framework (integrated to java 6 and later)
add missing classes.patch \| (download)	build.xml \| 4 3 + 1 - 0 ! 1 file changed, 3 insertions(+), 1 deletion(-)	add missing classes to jar
CVE 2019 17571.patch \| (download)	src/main/java/org/apache/log4j/FilteredObjectInputStream.java \| 65 65 + 0 - 0 ! src/main/java/org/apache/log4j/net/SocketNode.java \| 17 15 + 2 - 0 ! 2 files changed, 80 insertions(+), 2 deletions(-)	cve-2019-17571 Bug-Debian: https://bugs.debian.org/947124
disable examples.patch \| (download)	build.xml \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	no longer build the examples to avoid an error with openjdk 17
CVE 2022 23305.patch \| (download)	src/main/java/org/apache/log4j/jdbc/JDBCAppender.java \| 398 0 + 398 - 0 ! 1 file changed, 398 deletions(-)	cve-2022-23305 Bug-Debian: https://bugs.debian.org/1004482 This change mitigates the impact of CVE-2022-23305. Apache Log4j 1.2 has reached end of life in August 2015. No further updates will be available.
CVE 2022 23302.patch \| (download)	src/main/java/org/apache/log4j/net/JMSSink.java \| 153 0 + 153 - 0 ! 1 file changed, 153 deletions(-)	cve-2022-23302 Bug-Debian: https://bugs.debian.org/1004482 This change mitigates the impact of CVE-2022-23302. Apache Log4j 1.2 has reached end of life in August 2015. No further updates will be available.
CVE 2022 23307.patch \| (download)	src/main/java/org/apache/log4j/chainsaw/ControlPanel.java \| 222 0 + 222 - 0 ! src/main/java/org/apache/log4j/chainsaw/DetailPanel.java \| 170 0 + 170 - 0 ! src/main/java/org/apache/log4j/chainsaw/EventDetails.java \| 135 0 + 135 - 0 ! src/main/java/org/apache/log4j/chainsaw/ExitAction.java \| 48 0 + 48 - 0 ! src/main/java/org/apache/log4j/chainsaw/LoadXMLAction.java \| 139 0 + 139 - 0 ! src/main/java/org/apache/log4j/chainsaw/LoggingReceiver.java \| 121 0 + 121 - 0 ! src/main/java/org/apache/log4j/chainsaw/Main.java \| 192 0 + 192 - 0 ! src/main/java/org/apache/log4j/chainsaw/MyTableModel.java \| 390 0 + 390 - 0 ! src/main/java/org/apache/log4j/chainsaw/XMLFileHandler.java \| 170 0 + 170 - 0 ! src/main/java/org/apache/log4j/chainsaw/package.html \| 118 0 + 118 - 0 ! 10 files changed, 1705 deletions(-)	cve-2022-23307 Bug-Debian: https://bugs.debian.org/1004482 This change mitigates the impact of CVE-2022-23307. Apache Log4j 1.2 has reached end of life in August 2015. No further updates will be available.
CVE 2021 4104.patch \| (download)	src/main/java/org/apache/log4j/net/JMSAppender.java \| 444 0 + 444 - 0 ! 1 file changed, 444 deletions(-)	cve-2021-4104 Bug-Debian: https://bugs.debian.org/1004482 This change mitigates the impact of CVE-2021-4104. Apache Log4j 1.2 has reached end of life in August 2015. No further updates will be available.

1