Accepted hsqldb1.8.0 1.8.0.10+dfsg-10+deb10u1 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted hsqldb1.8.0 1.8.0.10+dfsg-10+deb10u1 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 21 Jun 2023 21:10:23 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1_source.changes
- Debian-source: hsqldb1.8.0
- Debian-suite: oldoldstable
- Debian-version: 1.8.0.10+dfsg-10+deb10u1
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qC55r-00EYdi-7v@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 21 Jun 2023 22:53:03 CEST
Source: hsqldb1.8.0
Architecture: source
Version: 1.8.0.10+dfsg-10+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian LibreOffice Maintainers <debian-openoffice@lists.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
6a6e39360a108498d5ef8f9a77057c82eaeb2934 2104 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.dsc
8d521d1c7eb09ad10f620c6c71efbcc28fa1c98f 2917677 hsqldb1.8.0_1.8.0.10+dfsg.orig.tar.gz
640890ebabcc27634e01a238cac703764bd25a22 30315 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.diff.gz
aba567e3a4268854164b8cbc168c3fc0f7d05ed3 11441 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1_amd64.buildinfo
Checksums-Sha256:
ba52861a22e524fc4c01b79eef4702ca1bacc88d4f7c631f2734f190509523aa 2104 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.dsc
e555da47b3c1c3f364de2297b2c2b76113fbbd903604d6a0a6f782b060a16f48 2917677 hsqldb1.8.0_1.8.0.10+dfsg.orig.tar.gz
b5a9f45d91b31ea89e7d4e367524de5cd0018c9148a16dac90cb3bf0497e790d 30315 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.diff.gz
6fa45490709b2906a24f3168e9db1edd435522223d66c32300fc8628c332cdff 11441 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1_amd64.buildinfo
Changes:
hsqldb1.8.0 (1.8.0.10+dfsg-10+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2023-1183:
Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL
database engine, allowed the execution of spurious scripting commands in
.script and .log files. Hsqldb supports a "SCRIPT" keyword which is
normally used to record the commands input by the database admin to output
such a script. In combination with LibreOffice, an attacker could craft
an odb containing a "database/script" file which itself contained a SCRIPT
command where the contents of the file could be written to a new file whose
location was determined by the attacker.
Files:
0651703410160af414888a2155d26daa 2104 oldlibs optional hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.dsc
dbb18b7849edc08e4bfb73552039e828 2917677 oldlibs optional hsqldb1.8.0_1.8.0.10+dfsg.orig.tar.gz
eb3e2a48fd8fcee3acdcd1f43a8c0cd0 30315 oldlibs optional hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.diff.gz
afb6646d4c35e0c0b1cb7b657b14bcf4 11441 oldlibs optional hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----