-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 19 Jan 2026 20:11:23 CET Source: apache-log4j2 Architecture: source Version: 2.17.1-1~deb11u2 Distribution: bullseye-security Urgency: medium Maintainer: Debian Java Maintainers <[email protected]> Changed-By: Markus Koschany <[email protected]> Checksums-Sha1: c0fe47a943872ac888fe36b77a80520d827140ae 3051 apache-log4j2_2.17.1-1~deb11u2.dsc e1c06710e675182f651e8ce0784baacf806ecb55 1291432 apache-log4j2_2.17.1.orig.tar.xz cfdc93fb1e4590d42ab8e7eb4de86ca768b2ff24 9868 apache-log4j2_2.17.1-1~deb11u2.debian.tar.xz 1df0e3daa9c5bdb3a2444d0cd563d4df8b50334a 15550 apache-log4j2_2.17.1-1~deb11u2_amd64.buildinfo Checksums-Sha256: 7d4e92433f6a18489cbf557799f5629c238c84dde7590f92b1e0bfc1f18d0629 3051 apache-log4j2_2.17.1-1~deb11u2.dsc c7139fdcad10a8470da5c3f8d818c3eefe63c88e21518c27e558048ed3b90b15 1291432 apache-log4j2_2.17.1.orig.tar.xz dfa713ca05cfcf9cba49eabeac93c453dd2be43579f637fb743d975661e26b0c 9868 apache-log4j2_2.17.1-1~deb11u2.debian.tar.xz cdd6cf6f479b2d14546267d4f95762f230b9c133abb8de4696c7a08f091941d8 15550 apache-log4j2_2.17.1-1~deb11u2_amd64.buildinfo Changes: apache-log4j2 (2.17.1-1~deb11u2) bullseye-security; urgency=medium . * Team upload. * The Socket Appender in Apache Log4j Core does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute or the log4j2.sslVerifyHostName system property is set to true. This issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under specific and hard to exploit conditions. Files: 258b9bc663276eca0284c21a7aeff59e 3051 java optional apache-log4j2_2.17.1-1~deb11u2.dsc 6699f6c7aff5a7bb0ae6be954e0ee863 1291432 java optional apache-log4j2_2.17.1.orig.tar.xz c894e072eca35eeeb7ede617007ed39a 9868 java optional apache-log4j2_2.17.1-1~deb11u2.debian.tar.xz 1bd4e4d4d0ba302860496524e3155db1 15550 java optional apache-log4j2_2.17.1-1~deb11u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmlugm5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkgwgQALm8rFTzFvXcFKG+M0pd+N4mVyd7Kl9beVE/ eJ4pgGeImBen7kCrHjWK8B28L13AeFFRRMvFcSgwsOLWE9o2KO9bktqcHnQrjkvU bL+ZdpFZiKl8Czqr1pKBE6p55OQWHnEfjMiK1TCryAR4J1idGy6WkoBO9l7925Jq FiXc3z/vYlmFHu2JeKtr9CtRb6l42PKoNGTa9s/ddYgFVgangz/AzPHm77kWJ2JT gYgbRJ5rRZh544InJbD9g5/IpDvgFtdPV0lBNu6q+okO8PpPSjtcF/Dc7pnt9bES djbu1ypVDA7uc5gbrqdqDPeLtMri++fzk7d5KD+Qjk+WCud00MP3ju6d6OjH6e/W c9O/vJ7jALPuIAtNlq950GtIYj8pjs4dmukkGUyN54yN09pdsdUPBRFPIZ0xwxG2 zlNw/p1sz6Wjpk67Zu9TwRuig567Qs+WMdMYD0tXIPQcsG3i3ZLxkHT0jmvfPyib hGzmMErj9V9VG+Ojm/56RiLvJH83dqr02AsZV4h6gTyJj59HBe/Pn+rZtYA/hrQM RVP6bzeropJnDZhylfCpu+GFsDOdcHVpAlYyNWmnx1Eh8s6ad77iKodki3DWikex naBL1h2DaVhme/6AENzfK2/Cl/ZccHiGYcdgAOLItdL8g6WXGA3bayoLXp2ZRlI4 NpcO7tXH =Ax/l -----END PGP SIGNATURE-----
pgpdGIxbQOPXV.pgp
Description: PGP signature
