apache-jena_4.9.0-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Sep 14 18:51:09 BST 2023
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 14 Sep 2023 19:21:03 +0200
Source: apache-jena
Architecture: source
Version: 4.9.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Closes: 1035952 1041108
Changes:
 apache-jena (4.9.0-1) unstable; urgency=medium
 .
   * New upstream version 4.9.0.
     - Fix CVE-2023-22665: (Closes: #1041108)
       There is insufficient checking of user queries in Apache Jena versions
       4.7.0 and earlier, when invoking custom scripts. It allows a remote user
       to execute arbitrary JavaScript via a SPARQL query.
     - Fix CVE-2023-32200: (Closes: #1035952)
       There are insufficient restrictions of called script functions in Apache
       Jena versions 4.8.0 and earlier. It allows a remote user to execute
       JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0
       through 4.8.0.
   * B-D on libcaffeine-java and libcommons-collections4-java.
   * Ignore org.roaringbitmap:RoaringBitmap artifact. Needs packaging.
   * Rebase and update the patches for the new release.
Checksums-Sha1:
245f1749d90701cfac0a53795c77d67828d15ae0 2602 apache-jena_4.9.0-1.dsc
a2e572a91a91cde46582a716592b0592462aa898 36144688 apache-jena_4.9.0.orig.tar.gz
efcb5d0a450bacf17651b382af332f95c68a84ac 19408 apache-jena_4.9.0-1.debian.tar.xz
1aeaf1ded1bf34d5b0e9392354cff0d9587ab013 15199 apache-jena_4.9.0-1_amd64.buildinfo
Checksums-Sha256:
c68e858c8435bc0f3ffee858c9aad713f5cb685a2623429d6410d990b747e5f2 2602 apache-jena_4.9.0-1.dsc
204c7c02982b4f84e817fbefd07ad9fe6e7ecf3d1e5451686e2bcba290500aef 36144688 apache-jena_4.9.0.orig.tar.gz
1ad064935e7befcbf667ef1ae32452ffb16363cb6fc554488afcb9afb5d946c2 19408 apache-jena_4.9.0-1.debian.tar.xz
b85fba0258916198909857c48087ce0d559fd244cb5771a60f327f60d57cf4b3 15199 apache-jena_4.9.0-1_amd64.buildinfo
Files:
65cd283dae2117e42f4c87ca1c913ee4 2602 java optional apache-jena_4.9.0-1.dsc
3d320c9a5ea1fd5d509aff6bfeb4b74e 36144688 java optional apache-jena_4.9.0.orig.tar.gz
bd2d75acc955dad803d9c2a068953d6a 19408 java optional apache-jena_4.9.0-1.debian.tar.xz
87ff3a4257fc816c85024002f9e5a0df 15199 java optional apache-jena_4.9.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----