News for package apache-log4j2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 3.0 (quilt)
Source: apache-log4j2
Binary: liblog4j2-java, liblog4j2-java-doc
Architecture: all
Version: 2.7-2
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Uploaders: Emmanuel Bourg <ebourg@apache.org>
Homepage: http://logging.apache.org/log4j/2.x/
Standards-Version: 3.9.8
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-java/apache-log4j2.git
Vcs-Git: https://anonscm.debian.org/git/pkg-java/apache-log4j2.git
Build-Depends: debhelper (>= 10), default-jdk, maven-debian-helper (>= 1.5)
Build-Depends-Indep: default-jdk-doc, groovy, libapache-pom-java (>= 10), libbsh-java, libcommons-compress-java, libcommons-csv-java (>= 1.2), libcommons-lang3-java, libcommons-logging-java, libcommons-logging-java-doc, libconversant-disruptor-java, libdisruptor-java, libgeronimo-jms-1.1-spec-java, libmail-java, libjackson2-databind-java, libjackson2-dataformat-yaml, libjackson2-dataformat-xml-java, libjackson2-module-jaxb-annotations-java, libjansi-java, libjcommander-java, libjctools-java, libjeromq-java, libjpa-2.1-spec-java, liblightcouch-java, libmaven-bundle-plugin-java, libmaven-exec-plugin-java, libmaven-install-plugin-java, libmaven-javadoc-plugin-java, libmaven-source-plugin-java, libmongodb-java, libosgi-core-java, libservlet3.1-java, libslf4j-java, libwoodstox-java
Package-List:
 liblog4j2-java deb java optional arch=all
 liblog4j2-java-doc deb doc optional arch=all
Checksums-Sha1:
 0cba98226e45d7eecf411ab391c8765180eb2d45 857800 apache-log4j2_2.7.orig.tar.xz
 e0d5b663d2238cc59c0d7a9e1efaea4aaa4825b9 8440 apache-log4j2_2.7-2.debian.tar.xz
Checksums-Sha256:
 a18502b624769d24aa470c3cef134ec7d2f2578342d4afda552a457e88d1c177 857800 apache-log4j2_2.7.orig.tar.xz
 68fef80f76648b9835ce7990a9238d86cff99af722e2d28a5528ddced3f07c71 8440 apache-log4j2_2.7-2.debian.tar.xz
Files:
 537212527a309018ad3e2b0dca04ddc1 857800 apache-log4j2_2.7.orig.tar.xz
 c405df976dea2058f26495918141df8b 8440 apache-log4j2_2.7-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlj2Cp8SHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsLg0P/ixci59IfI94+2b5hGW5oJnIoIyAczx/
Cvv6bZXMI/4D6RwAW6dlquZ6I2mYI5mEeSCdaL0LSm5Ax51Oq/zLmAy6sqASCZyA
Dx+jQ09dygImsHpDImZbmHdSG7P+ToQvmGE6mL1nAsnex+8iPghPAEWYBbPL+cek
7/cYPrAxVP++Aiapt+Dp8bogsLLkBFBF7bl/bdpQpTFi/Jj5yTuDwgeHWIpnkzzO
r27fg1erpOZPmuOp9CB3pGRULLUffsVf/CidxqtuWWhv2u3oyehweSpqEZVvALQ2
uY3X9QrKDcjEAfEA5M49bfHUJ0/O0/bLtrIVqGw+rmAxQesi7ykSI9nZwyyi5Wv2
dXOdHZeD8fVhwU8sKkd0Xq8V+YNejwA89lLMv5BcVB3ZSVM+TcmjnDF4POERyAO7
wn1pntAcSbnMRa50ElnlH4P/iez2ckhfiRV4q2zle+8Hyw5VJV6kTslQRkrPhDWh
aCU2BcUbpNczKaOBcWz1Qb0xJClui8XMipN6S3Z6ZXM42rRDQeotZLgtNq8SHQDz
rqn/oUfe5XBsNanarakND+hl+PkwksLuORxqRQtIBxtC4SYfWcegkB4r2G9T1ImA
4tnsB0dCb7zDKEdEnfVp0jSb3aWfQTEk+ZelidkUwc4h7N02m2AADoz/2bSxADg1
PIRpkWoNtGtS
=L27f
-----END PGP SIGNATURE-----

<span id="changes">Changes:</span>
apache-log4j2 (2.7-2) unstable; urgency=medium

  * Team upload.
  * Fixed CVE-2017-5645: When using the TCP socket server or UDP socket server
    to receive serialized log events from another application, a specially
    crafted binary payload can be sent that, when deserialized, can execute
    arbitrary code (Closes: #860489)

 -- Emmanuel Bourg <ebourg@apache.org>  Tue, 18 Apr 2017 14:30:00 +0200