Update changelog
Markus Koschany
4 years ago
0 | apache-log4j1.2 (1.2.17-9) unstable; urgency=high | |
1 | ||
2 | * Team upload. | |
3 | * Fix CVE-2019-17571. (Closes: #947124) | |
4 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to | |
5 | deserialization of untrusted data which can be exploited to remotely | |
6 | execute arbitrary code when combined with a deserialization gadget when | |
7 | listening to untrusted network traffic for log data. | |
8 | * Switch to debhelper-compat = 12. | |
9 | * Declare compliance with Debian Policy 4.4.1. | |
10 | * Use canonical VCS URI. | |
11 | ||
12 | -- Markus Koschany <apo@debian.org> Sat, 11 Jan 2020 23:06:27 +0100 | |
13 | ||
0 | 14 | apache-log4j1.2 (1.2.17-8) unstable; urgency=medium |
1 | 15 | |
2 | 16 | * No longer attempt to install the javadoc jar (Closes: #879251) |