From 2723cbfe5aaae63089f46e6fe202524d43bf5154 Mon Sep 17 00:00:00 2001
From: Joe Slater <joe.slater@windriver.com>
Date: Fri, 22 Apr 2022 16:28:49 -0400
Subject: [PATCH] log4j: fix CVE-2022-23307

Unsafe deserialization in chainsaw.  Advance to
version 1.2.17-18.el7_4.

=== Testing ===
build-pkgs/build-iso and boot.

log4j is not in the runtime system, nor is it in
the mock build environment.
===

Closes-bug: 1969993
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Change-Id: I0e16887da7c22173c0c05c60a49bf026521d93a7
---
 centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
index ae3212d7..dc1a1d94 100644
--- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
@@ -545,7 +545,7 @@ lksctp-tools-1.0.17-2.el7.x86_64.rpm
 lldpad-1.0.1-3.git036e314.el7.x86_64.rpm
 lm_sensors-devel-3.4.0-6.20160601gitf9185e5.el7.x86_64.rpm
 lm_sensors-libs-3.4.0-6.20160601gitf9185e5.el7.x86_64.rpm
-log4j-1.2.17-16.el7_4.noarch.rpm
+log4j-1.2.17-18.el7_4.noarch.rpm
 lsof-4.87-6.el7.x86_64.rpm
 lsscsi-0.27-6.el7.x86_64.rpm
 lttng-ust-2.10.0-1.el7.x86_64.rpm