libpgjava_42.2.5-2+deb10u1_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Aug 2 20:47:30 BST 2022
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 28 Jul 2022 00:31:50 CEST
Source: libpgjava
Architecture: source
Version: 42.2.5-2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Checksums-Sha1:
1f13181b2e46262b95aed4c1c5e1e0c9f13f602a 2736 libpgjava_42.2.5-2+deb10u1.dsc
fcebf49b3048c9a661a399e76a4e73fa769cdb23 1372434 libpgjava_42.2.5.orig.tar.gz
9c618cebac3709a9d0bb3adb71dd4b99ccc7eea2 20516 libpgjava_42.2.5-2+deb10u1.debian.tar.xz
cd89009c2eb1ff19e18694d1ed7b0f1a0f4e392a 14231 libpgjava_42.2.5-2+deb10u1_amd64.buildinfo
Checksums-Sha256:
ce3f847d1b4b755dc3424f213a41758f3a1e378fdb183287a1b67d0d128ebc2e 2736 libpgjava_42.2.5-2+deb10u1.dsc
cb4873b0b0194ca7a5ac47033dd6dbe7b2798b98573ec810b8b7c4792ffe51b2 1372434 libpgjava_42.2.5.orig.tar.gz
318b620f58f03f981e60d27ba4f66bed2b689718043e6b60ab00d8a6577945f3 20516 libpgjava_42.2.5-2+deb10u1.debian.tar.xz
4579e626166326684fbe4fe21535bb9f4283e2fe135aaf075f2b810e5fc16f9d 14231 libpgjava_42.2.5-2+deb10u1_amd64.buildinfo
Closes: 962828
Changes:
libpgjava (42.2.5-2+deb10u1) buster-security; urgency=high
.
* Team upload.
* Fix CVE-2022-26520:
An attacker (who controls the jdbc URL or properties) can call
java.util.logging.FileHandler to write to arbitrary files through the
loggerFile and loggerLevel connection properties.
* Fix CVE-2022-21724:
The JDBC driver did not verify if certain classes implemented the expected
interface before instantiating the class. This can lead to code execution
loaded via arbitrary classes.
* CVE-2020-13692: Fix XXE vulnerability in PgSQLXML by disabling external
access and doctypes. (Closes: #962828)
Files:
65fa861446f001eef1b506365638fd7f 2736 java optional libpgjava_42.2.5-2+deb10u1.dsc
26f2739929269bf6e7b3f687d1e7f242 1372434 java optional libpgjava_42.2.5.orig.tar.gz
1f89893d5ca37b504f83ddbf9e638dfe 20516 java optional libpgjava_42.2.5-2+deb10u1.debian.tar.xz
18a0c8f657b0f23209dbd06e9fa7f433 14231 java optional libpgjava_42.2.5-2+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLhvNpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkZM0QAM5vQpcGKwjm7aiLjNpPdan1ZpFJpldAnJJX
/2NiFejhR9E7akC9fEYR3ni/WQ07R3ZbllP9gbiIC08c6sIaWopn8rY+cZxafgoU
1IwHS6Ij/cusEGdZzG2g8LU5TDibO69WJbvkZui1zOfhDdCkAcAaynl7fLJJhKxK
IH9fUu0tlCxXuBJJtkGEUsytuNBg2B9w/yy+huArjidKCPd38GONUlPPlAYEK6pa
Q7xUcKurBxkNFzxv3r+q4/dxTjGCCvTLepqauItE9i+FVF1m8ioJDK0LHnsspniJ
d/zH/FQnXCLCVJYb/VIm5kGzahRKWW8tgZqwrtPb7gd3UuTwrgUZyA3BuorQA/wo
cDf5ibJWVu0fs3vWxZ3xSFPxTZGxmCAVszuzZA8/qoaDONGHCT+ECViVHReZ/8D5
5w1vie4CZ6Oi9r9J0jKkvknT8AChS8ZcVd/SMT1md8byC5zY3NbIx3l3x3k4GxjD
s8fz5DQ3EzgErmVzz+0ZiLk3xzqp6uPTCoDFxZPP/aBD1Ib1Rx2llDL0Paxbg9RR
A9pITcyZ6yyJuDxgipciLjPTTHtjtVrdfRLbEEve+XFhBke3bsVVKEqWfdqXxtrO
2zspLyXOCeim2yW/7Xzxu/ocN7x1CavnbDXhkclEZ1J60S9VmX7GLqR/5gxGgDTc
sQxPyeVN
=qf5d
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list