FS#74845 - [Log4J][CVE-2021-4104] [jmol 14.32.57-1]

Attached to Project: Community Packages
Opened by Freedom Dev (FreedomDev) - Tuesday, 24 May 2022, 16:15 GMT
Last edited by Antonio Rojas (arojas) - Tuesday, 24 May 2022, 19:59 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To No-one
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

scanner:[https://github.com/logpresso/CVE-2021-44228-Scanner]
args:[--scan-log4j1 --scan-logback --scan-zip]

Found CVE-2021-4104 (log4j 1.2) vulnerability in /usr/share/jmol/Jmol.jar, log4j 1.2.14
Found CVE-2021-4104 (log4j 1.2) vulnerability in /usr/share/jmol/JmolData.jar, log4j 1.2.14

Repository : community
Name : jmol
Version : 14.32.57-1
Description : A Java 3D viewer for chemical structures
Architecture : any
URL : https://jmol.sourceforge.net
Licenses : LGPL
Groups : None
Provides : None
Depends On : java-runtime
Optional Deps : None
Required By : None
Optional For : sagemath
Conflicts With : None
Replaces : None
Download Size : 14.07 MiB
Installed Size : 25.18 MiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Fri 20 May 2022 05:39:51 PM UTC
MD5 Sum : ca6af6334941455229f929002bd5ae26
SHA-256 Sum : 1771f8b208d2dede47cabe5e725cd4f7a146b2ba6145d1787cc78e0741cdabdb
Signatures : 7A4E76095D8A52E4
This task depends upon

Closed by  Antonio Rojas (arojas)
Tuesday, 24 May 2022, 19:59 GMT
Reason for closing:  Not a bug
Comment by loqs (loqs) - Tuesday, 24 May 2022, 19:18 GMT
Upstream concluded package was not vulnerable https://sourceforge.net/p/jmol/code/22275/

Loading...