
Accepted libpgjava 42.4.1-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 08 Aug 2022 14:53:28 +0200
Source: libpgjava
Architecture: source
Version: 42.4.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Closes: 1016662
Changes:
 libpgjava (42.4.1-1) unstable; urgency=medium
 .
   * New upstream version 42.4.1
 .
     Fixes SQL generated in PgResultSet.refresh() to escape column identifiers
     so as to prevent SQL injection.
     (Closes: #1016662, CVE-2022-31197, reported by Sho Kato)
 .
     Previously, the column names for both key and data columns in the table
     were copied as-is into the generated SQL. This allowed a malicious table
     with column names that include a statement terminator to be parsed and
     executed as multiple separate commands.
Checksums-Sha1:
 38593061c6f546a2e58e17fe20bb907bc9954d9e 2565 libpgjava_42.4.1-1.dsc
 24ceaca7673c07ae625a8f02341fa2b115e8478e 969554 libpgjava_42.4.1.orig.tar.gz
 ce7c1d32d2a31320cd701cf9404577961b62d427 10228 libpgjava_42.4.1-1.debian.tar.xz
Checksums-Sha256:
 7e0a77fe37b1ae197a50fd5e1e45272d99192eb136e68b150fed81603f3b1159 2565 libpgjava_42.4.1-1.dsc
 edf1ead37f4d64f97e0d18a59b9a81f8d6cab7bdc523c9c4f20f742387d1d9af 969554 libpgjava_42.4.1.orig.tar.gz
 eeb5438eec8284a7af4a876f149cdf4a77df02702d327db3ed111890253c493b 10228 libpgjava_42.4.1-1.debian.tar.xz
Files:
 01f4d43ab2ed41aa61eaecc6619bef47 2565 java optional libpgjava_42.4.1-1.dsc
 43b21d1f2511373d8182c517c3b4cb11 969554 java optional libpgjava_42.4.1.orig.tar.gz
 ded5f3dbae97f8f89387558a4299b1a0 10228 java optional libpgjava_42.4.1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
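
The changelog above says column names were copied as-is into the SQL generated for PgResultSet.refresh() and that the fix escapes column identifiers. The following is an added example, not pgjdbc's code and not part of the original announcement, showing the unescaped query shape beside an identifier-quoted one; the class name, method names, table name and sample column names are all hypothetical and constructed for illustration.

```java
import java.util.List;
import java.util.stream.Collectors;

public class RefreshSqlDemo {
    // Standard SQL identifier quoting: wrap in double quotes and double any
    // embedded double quote, so the whole name stays one identifier token.
    static String quoteIdentifier(String name) {
        if (name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid identifier");
        }
        return "\"" + name.replace("\"", "\"\"") + "\"";
    }

    // The "before" shape the changelog describes: names copied as-is.
    static String refreshSqlUnescaped(String table, List<String> dataCols, List<String> keyCols) {
        return "select " + String.join(",", dataCols) + " from " + table + " where "
                + keyCols.stream().map(c -> c + " = ?").collect(Collectors.joining(" and "));
    }

    // Hardened shape: every identifier is quoted; key values remain bind parameters.
    static String refreshSqlEscaped(String table, List<String> dataCols, List<String> keyCols) {
        String cols = dataCols.stream().map(RefreshSqlDemo::quoteIdentifier)
                .collect(Collectors.joining(","));
        String where = keyCols.stream().map(c -> quoteIdentifier(c) + " = ?")
                .collect(Collectors.joining(" and "));
        return "select " + cols + " from " + quoteIdentifier(table) + " where " + where;
    }

    public static void main(String[] args) {
        // Constructed sample metadata: one column name carries a statement
        // terminator, another an embedded double quote.
        List<String> data = List.of("title", "note; select 1", "weird\"name");
        List<String> keys = List.of("id");
        System.out.println("unescaped: " + refreshSqlUnescaped("docs", data, keys));
        System.out.println("escaped:   " + refreshSqlEscaped("docs", data, keys));
    }
}
```

In the escaped output the second column appears as `"note; select 1"`, a single quoted identifier, so the semicolon no longer acts as a statement boundary.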

