
RE: [SECURITY] [DLA 3140-1] libpgjava security update



Best,

Is it possible to change the subscription of gysbert@hippoline.nl to
helpdesk@hippoline.nl?

Thanks for letting me know.

Kind regards,

Onny van den Boom | HippoLine
Ambachtweg 23 | 2841 MA Moordrecht
T +31 (0)182 820 398 | M + 31 (0)6 147 17 506
E onny@hippoline.nl

Working days: Monday, Tuesday, Thursday and Friday 09:00-14:00

Visit us on our Website, LinkedIn or Twitter.

-----Original Message-----
From: Chris Lamb <lamby@debian.org>
Sent: Saturday 8 October 2022 03:00
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3140-1] libpgjava security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3140-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
October 07, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libpgjava
Version        : 42.2.5-2+deb10u2
CVE ID         : CVE-2022-31197
Debian Bug     : #1016662

It was discovered that there was a potential SQL injection vulnerability
in libpgjava, a Java library for connecting to PostgreSQL databases.

A malicious user could have crafted a schema that caused an application to
execute commands as a privileged user due to the lack of escaping of
column names in some operations.

For Debian 10 buster, this problem has been fixed in version
42.2.5-2+deb10u2.

We recommend that you upgrade your libpgjava packages.

For the detailed security status of libpgjava please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libpgjava

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be found
at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
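
The missing column-name escaping that the advisory describes, shown as an added example that is not part of the advisory and not code from libpgjava. The class, method, table and column names are constructed for illustration; it contrasts pasting schema-supplied identifiers into a statement with quoting them as PostgreSQL identifiers.

```java
import java.util.List;
import java.util.stream.Collectors;

// Added example: illustrative only, not code from libpgjava or Debian.
public class IdentifierEscaping {

    // PostgreSQL quoted identifier: wrap in double quotes and double any
    // embedded double quote. A NUL byte cannot appear in an identifier.
    static String quoteIdentifier(String name) {
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException("empty identifier");
        }
        if (name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("NUL byte in identifier");
        }
        return "\"" + name.replace("\"", "\"\"") + "\"";
    }

    // Unsafe: names read from schema metadata are pasted in as-is, so a
    // column name chosen by whoever created the table becomes SQL text.
    static String selectUnescaped(String table, List<String> columns, String key) {
        return "SELECT " + String.join(", ", columns)
                + " FROM " + table + " WHERE " + key + " = ?";
    }

    // Hardened: every identifier is quoted; the key value stays a bind
    // parameter and is never concatenated into the statement.
    static String selectEscaped(String table, List<String> columns, String key) {
        String cols = columns.stream()
                .map(IdentifierEscaping::quoteIdentifier)
                .collect(Collectors.joining(", "));
        return "SELECT " + cols + " FROM " + quoteIdentifier(table)
                + " WHERE " + quoteIdentifier(key) + " = ?";
    }

    public static void main(String[] args) {
        // Constructed sample: the second name stands for a column defined in
        // a crafted schema; it holds a quote and a statement separator.
        List<String> columns = List.of("id", "a\"b; SELECT 1 --");

        System.out.println("unescaped: " + selectUnescaped("items", columns, "id"));
        System.out.println("escaped:   " + selectEscaped("items", columns, "id"));
    }
}
```

In the unescaped statement the text after the semicolon is parsed as a second statement and the rest of the query is commented out; in the escaped statement the whole string remains a single column name.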