[Git][java-team/hsqldb][bullseye] 2 commits: fix CVE-2023-1183
Rene Engelhard (@rene)
gitlab at salsa.debian.org
Mon Jun 19 17:20:37 BST 2023
Rene Engelhard pushed to branch bullseye at Debian Java Maintainers / hsqldb
Commits:
a768daa1 by Rene Engelhard at 2023-06-15T23:10:31+02:00
fix CVE-2023-1183
- - - - -
0eeccaf4 by Rene Engelhard at 2023-06-17T12:51:54+02:00
update CVE-2023-1183.diff
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/CVE-2023-1183.diff
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+hsqldb (2.5.1-1+deb11u2) bullseye-security; urgency=medium
+
+ * Team upload.
+
+ * fix CVE-2023-1183
+
+ -- Rene Engelhard <rene at debian.org> Sat, 17 Jun 2023 12:51:34 +0200
+
hsqldb (2.5.1-1+deb11u1) bullseye-security; urgency=high
* Team upload.
=====================================
debian/patches/CVE-2023-1183.diff
=====================================
@@ -0,0 +1,26 @@
+diff --git a/hsqldb/src/org/hsqldb/StatementCommand.java b/hsqldb/src/org/hsqldb/StatementCommand.java
+index ab29d28..eaef1ab 100644
+--- a/hsqldb/src/org/hsqldb/StatementCommand.java
++++ b/hsqldb/src/org/hsqldb/StatementCommand.java
+@@ -963,6 +963,10 @@ public class StatementCommand extends Statement {
+ try {
+ session.checkAdmin();
+
++ if (session.isProcessingScript() || session.isProcessingLog()) {
++ return Result.updateZeroResult;
++ }
++
+ if (name == null) {
+ return session.database.getScript(false);
+ } else {
+@@ -1028,6 +1032,10 @@ public class StatementCommand extends Statement {
+ int mode = ((Integer) arguments[1]).intValue();
+ Boolean isVersioning = (Boolean) arguments[2];
+
++ if (session.isProcessingScript() || session.isProcessingLog()) {
++ return Result.updateZeroResult;
++ }
++
+ return ScriptLoader.loadScriptData(
+ session, pathName, mode, isVersioning.booleanValue());
+ } catch (HsqlException e) {
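Review bot: Both added guards (before `session.database.getScript(false)` and before `ScriptLoader.loadScriptData(...)`) return `Result.updateZeroResult` silently, so a statement of this kind embedded in a replayed .script or .log file is dropped with no trace for anyone later investigating a tampered database file. Consider recording a warning through the database's logger before returning, and add a comment on each guard such as `// CVE-2023-1183: these statements must not run while a script or log file is being replayed`. The patch file also starts directly at `diff --git` with no DEP-3 header (Description/Origin), so the upstream revision it was taken from is not recorded. Both enclosing blocks start and end outside the nested hunks, so it cannot be judged from here whether other statements reachable during replay need the same guard.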
=====================================
debian/patches/series
=====================================
@@ -1 +1,2 @@
CVE-2022-41853.patch
+CVE-2023-1183.diff
View it on GitLab: https://salsa.debian.org/java-team/hsqldb/-/compare/e28073a39e82e541501b2450b82143acd3c57715...0eeccaf4c3b29a425bc27dad534ec7a672bec3da