Update changelog
Markus Koschany
4 years ago
| 0 | apache-log4j1.2 (1.2.17-9) unstable; urgency=high | |
| 1 | ||
| 2 | * Team upload. | |
| 3 | * Fix CVE-2019-17571. (Closes: #947124) | |
| 4 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to | |
| 5 | deserialization of untrusted data which can be exploited to remotely | |
| 6 | execute arbitrary code when combined with a deserialization gadget when | |
| 7 | listening to untrusted network traffic for log data. | |
| 8 | * Switch to debhelper-compat = 12. | |
| 9 | * Declare compliance with Debian Policy 4.4.1. | |
| 10 | * Use canonical VCS URI. | |
| 11 | ||
| 12 | -- Markus Koschany <apo@debian.org> Sat, 11 Jan 2020 23:06:27 +0100 | |
| 13 | ||
| 0 | 14 | apache-log4j1.2 (1.2.17-8) unstable; urgency=medium |
| 1 | 15 | |
| 2 | 16 | * No longer attempt to install the javadoc jar (Closes: #879251) |