[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted libpgjava 42.2.5-2+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 28 Jul 2022 00:31:50 CEST
Source: libpgjava
Architecture: source
Version: 42.2.5-2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 1f13181b2e46262b95aed4c1c5e1e0c9f13f602a 2736 libpgjava_42.2.5-2+deb10u1.dsc
 fcebf49b3048c9a661a399e76a4e73fa769cdb23 1372434 libpgjava_42.2.5.orig.tar.gz
 9c618cebac3709a9d0bb3adb71dd4b99ccc7eea2 20516 libpgjava_42.2.5-2+deb10u1.debian.tar.xz
 cd89009c2eb1ff19e18694d1ed7b0f1a0f4e392a 14231 libpgjava_42.2.5-2+deb10u1_amd64.buildinfo
Checksums-Sha256:
 ce3f847d1b4b755dc3424f213a41758f3a1e378fdb183287a1b67d0d128ebc2e 2736 libpgjava_42.2.5-2+deb10u1.dsc
 cb4873b0b0194ca7a5ac47033dd6dbe7b2798b98573ec810b8b7c4792ffe51b2 1372434 libpgjava_42.2.5.orig.tar.gz
 318b620f58f03f981e60d27ba4f66bed2b689718043e6b60ab00d8a6577945f3 20516 libpgjava_42.2.5-2+deb10u1.debian.tar.xz
 4579e626166326684fbe4fe21535bb9f4283e2fe135aaf075f2b810e5fc16f9d 14231 libpgjava_42.2.5-2+deb10u1_amd64.buildinfo
Closes: 962828
Changes:
 libpgjava (42.2.5-2+deb10u1) buster-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2022-26520:
     An attacker (who controls the jdbc URL or properties) can call
     java.util.logging.FileHandler to write to arbitrary files through the
     loggerFile and loggerLevel connection properties.
   * Fix CVE-2022-21724:
     The JDBC driver did not verify if certain classes implemented the expected
     interface before instantiating the class. This can lead to code execution
     loaded via arbitrary classes.
   * CVE-2020-13692: Fix XXE vulnerability in PgSQLXML by disabling external
     access and doctypes. (Closes: #962828)
Files:
 65fa861446f001eef1b506365638fd7f 2736 java optional libpgjava_42.2.5-2+deb10u1.dsc
 26f2739929269bf6e7b3f687d1e7f242 1372434 java optional libpgjava_42.2.5.orig.tar.gz
 1f89893d5ca37b504f83ddbf9e638dfe 20516 java optional libpgjava_42.2.5-2+deb10u1.debian.tar.xz
 18a0c8f657b0f23209dbd06e9fa7f433 14231 java optional libpgjava_42.2.5-2+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLhvNpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkZM0QAM5vQpcGKwjm7aiLjNpPdan1ZpFJpldAnJJX
/2NiFejhR9E7akC9fEYR3ni/WQ07R3ZbllP9gbiIC08c6sIaWopn8rY+cZxafgoU
1IwHS6Ij/cusEGdZzG2g8LU5TDibO69WJbvkZui1zOfhDdCkAcAaynl7fLJJhKxK
IH9fUu0tlCxXuBJJtkGEUsytuNBg2B9w/yy+huArjidKCPd38GONUlPPlAYEK6pa
Q7xUcKurBxkNFzxv3r+q4/dxTjGCCvTLepqauItE9i+FVF1m8ioJDK0LHnsspniJ
d/zH/FQnXCLCVJYb/VIm5kGzahRKWW8tgZqwrtPb7gd3UuTwrgUZyA3BuorQA/wo
cDf5ibJWVu0fs3vWxZ3xSFPxTZGxmCAVszuzZA8/qoaDONGHCT+ECViVHReZ/8D5
5w1vie4CZ6Oi9r9J0jKkvknT8AChS8ZcVd/SMT1md8byC5zY3NbIx3l3x3k4GxjD
s8fz5DQ3EzgErmVzz+0ZiLk3xzqp6uPTCoDFxZPP/aBD1Ib1Rx2llDL0Paxbg9RR
A9pITcyZ6yyJuDxgipciLjPTTHtjtVrdfRLbEEve+XFhBke3bsVVKEqWfdqXxtrO
2zspLyXOCeim2yW/7Xzxu/ocN7x1CavnbDXhkclEZ1J60S9VmX7GLqR/5gxGgDTc
sQxPyeVN
=qf5d
-----END PGP SIGNATURE-----


Reply to: