File _patchinfo of Package patchinfo.22519
<patchinfo incident="22519">
<issue tracker="bnc" id="1194843">VUL-0: CVE-2022-23305: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender</issue>
<issue tracker="bnc" id="1194842">VUL-0: CVE-2022-23302: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink</issue>
<issue tracker="bnc" id="1194844">VUL-0: CVE-2022-23307: log4j: Apache Log4j 1.x: A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.</issue>
<issue tracker="cve" id="2022-23302"/>
<issue tracker="cve" id="2022-23305"/>
<issue tracker="cve" id="2022-23307"/>
<packager>david.anes</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for log4j</summary>
<description>This update for log4j fixes the following issues:
- CVE-2022-23307: Fixed deserialization flaw in the Chainsaw component of log4j leading to malicious code execution. (bsc#1194844)
- CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender. (bsc#1194843)
- CVE-2022-23302: Fixed remote code execution when application is configured to use JMSSink. (bsc#1194842)
</description>
</patchinfo>