[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted libpgjava 42.2.15-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 27 Jul 2022 23:09:55 CEST
Source: libpgjava
Architecture: source
Version: 42.2.15-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 85ae95d20d3aac351a085ac3f5855eb9a34cccf4 2746 libpgjava_42.2.15-1+deb11u1.dsc
 36a1f7411b1700ad6fc9c4a592ea1763e0487cb0 903018 libpgjava_42.2.15.orig.tar.gz
 aa8f4aa31a801678b2e0d424ba40219e06a4f15c 15536 libpgjava_42.2.15-1+deb11u1.debian.tar.xz
 e61a9df7894045ea80ae625646cccd22d6788cdd 14524 libpgjava_42.2.15-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 953033b870e91ca745830146b3e300bff162cc35de11dd4bbb4c15dcb2adc75a 2746 libpgjava_42.2.15-1+deb11u1.dsc
 fd34f1d133bf9df29fa853bea44029ba22b00a478984d7233fb6218b66d47a8f 903018 libpgjava_42.2.15.orig.tar.gz
 610d614f43632bac68ce5ca0762c9a3c74f45ad4d450e99a3c81bad443f4d488 15536 libpgjava_42.2.15-1+deb11u1.debian.tar.xz
 30aa78fe08408736b1208fa6c66d2fa2a61277a9773415b013c92c78a8c19955 14524 libpgjava_42.2.15-1+deb11u1_amd64.buildinfo
Changes:
 libpgjava (42.2.15-1+deb11u1) bullseye-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2022-26520:
     An attacker (who controls the jdbc URL or properties) can call
     java.util.logging.FileHandler to write to arbitrary files through the
     loggerFile and loggerLevel connection properties.
   * Fix CVE-2022-21724:
     The JDBC driver did not verify if certain classes implemented the expected
     interface before instantiating the class. This can lead to code execution
     loaded via arbitrary classes.
Files:
 6217c286a442eb00b3b008af6f4c4f0c 2746 java optional libpgjava_42.2.15-1+deb11u1.dsc
 27ec7ca1fe1059eb9cc5014de76176f3 903018 java optional libpgjava_42.2.15.orig.tar.gz
 c1e9e7b121be7214ebb80176c0c27952 15536 java optional libpgjava_42.2.15-1+deb11u1.debian.tar.xz
 ddae6da2b4256e4d50461c4d0addeb63 14524 java optional libpgjava_42.2.15-1+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLhxqJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkBtoQAMalk8QW+yyrE9nT7R2w+c8LZUMVQcvq60YO
0gCpDPeWOW1zrkbTr6+Tx/Ag5dOGjXlypmbzKX1k8GHARtbkx9n9kpN0nbbjW3iT
Y8ag7BtR1MSF/0+9kfpWpxCQeNYZVkYazq8+7do2EfSqZO3t+VGnVchemxxfgO++
XNfOb/nK+1ozoV0hVm06GwHyqo/Hs7buVQ/QwFzyVBZS8nUOAyrAM/BjHAnJwQw4
zElJoZOikY1SP5nw98aqQxcRs7II2lxObfbo9DyS3QLNKVaNv+d6TTS6/pwQQG0T
FTP/uKQTR9vFxUGIcsjQTLJYmpNwhi/n0SlNkc2bP4WUvaiEMwuXJd3bYvJ7Kg1U
TaajCh1dshB35HkWYVlhiTuVRGNFtchKnfY6+QVP5h8BrAWXzLJ+zRZDh184407E
LSfDVW7nlCpOSjQBUkyHpzrkZ3476i+/SaR0WYBfPNVqjdQxKOQh1XisECVOPrSe
FEZBkI2Ee7FBxGuZUHXbXlwJ3uUuea3JsumCAA4dbo9y4RAj/DpD9OxXcDrzwd0X
n47gIxlVZ84CuFiKP2PrOFTPK1nxX6HgQYTromoqZUdLnEFRDnnOkhTBSGhsSl5T
h/FjFfg+LRGqiv/nMCm5k1FIrjLApXvD33hpHjrT3/6r5lY9o7dB14+5Q3VPNzu4
AKpuuPIX
=efyW
-----END PGP SIGNATURE-----


Reply to: