Back to h2database PTS page

Accepted h2database 1.4.197-4+deb11u1 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted h2database 1.4.197-4+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Fri, 18 Feb 2022 19:17:07 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1nL8kd-000920-9L@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Feb 2022 13:20:15 CET
Source: h2database
Architecture: source
Version: 1.4.197-4+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 a8ddbbd2ac2ac413f5f0d3f58bc49508985fe6f3 2315 h2database_1.4.197-4+deb11u1.dsc
 56da99c098a24385fb66669716e4ee7e3c42e94c 2285716 h2database_1.4.197.orig.tar.xz
 be9ba7dda01c1320eb8e08fd5f924e77ec11778e 14296 h2database_1.4.197-4+deb11u1.debian.tar.xz
 ec5370d233860583f4aa8a40b941cd11d897e55b 11966 h2database_1.4.197-4+deb11u1_amd64.buildinfo
Checksums-Sha256:
 7bec4870910f72caa895c6059636bc603787274e2452da9f05171df6f89dc6ea 2315 h2database_1.4.197-4+deb11u1.dsc
 728b1171cbfd160a84c246463e0df700c08ed6c49ef30a37663b209bba0bf420 2285716 h2database_1.4.197.orig.tar.xz
 28845adce5b5df9f74f26a8710c705aca890ff4a39478bc7369d647b9f46a5a3 14296 h2database_1.4.197-4+deb11u1.debian.tar.xz
 bf6148b7ce3177cbb29f1da52f6aec83412cbb54ed8d2ad7b3fffb1f6318f2e7 11966 h2database_1.4.197-4+deb11u1_amd64.buildinfo
Changes:
 h2database (1.4.197-4+deb11u1) bullseye-security; urgency=high
 .
   * Team upload.
   * Security researchers of JFrog Security and Ismail Aydemir discovered two
     remote code execution vulnerabilities in the H2 Java SQL database engine
     which can be exploited through various attack vectors, most notably through
     the H2 Console and by loading custom classes from remote servers through
     JNDI. The H2 console is a developer tool and not required by any
     reverse-dependency in Debian. It has been disabled in (old)stable
     releases. Database developers are advised to use at least version
     2.1.210-1, currently available in Debian unstable.
Files:
 a1ecfac9fe72ef8b42f4e89ab34b260c 2315 java optional h2database_1.4.197-4+deb11u1.dsc
 2cba84c41b2cefb0b0df2dee824302de 2285716 java optional h2database_1.4.197.orig.tar.xz
 247970517769111a7a3be3a18ac50b9f 14296 java optional h2database_1.4.197-4+deb11u1.debian.tar.xz
 e6f18571933dbed6eb9afff89de12825 11966 java optional h2database_1.4.197-4+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmILmrZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkigYQAJgLTLX+jlofqONVeCpeH8FJMXx3/q3aKxt3
m68xi8DP39M14leuYJKB2rwgmUXj9W2jOW4PNMipqAm2vaiLQJXZ9TNJ5x0IGXs0
aK1xfU3jHTSMtrhyt8AEBVDDQ0Vat08ugZ6nmrUPRE0dkLwPJq1Mdq/FYdf1HQDC
55Av7r3I9DM60KldVmlBkfhnMFdAL2Yd3gOLKiVL3OGh3YnMXtk7YsgtnzOTfVgO
/nJf/rhtvwjyjYQzNGJLDFv+trE14LPJY6VdN2lHxiTNi0Scz9sfSHO0mJJPtzBF
ozGMGaqbb5HREeGrNvvoYIGJ90ry468jj/rSal28cgZYpyDKMquvmIdIbzaxAVZ8
FMG0NB0kIyR3wbrJ9Bi09XmBwv5a3UJIIbwSbwlYt24ntl6Bbhe9TR8ury3xOcEY
3qmVITVBl34ltRi9XdjyuViP1Z/95vQ42DLMGjXpvfDYelcxuSz5Au0fr2ZTo+ZG
kEQQf+AP5YA8HCskeMlER3/hLGNK9us5GyI75UmJjHHaGy1aogY5KFa8BnrekANJ
9THuS7BxjA1rFpt/e9MBSyZsAMhWDqzEgEc3z9Esm0wO65fbZhDKFUK3GnvEgRmG
YQ2+Jw/59FRyG26qjtsOKRvqxkxrGXUWhIraosDTT0jrnWTf3+NHNzDWiSJDtaHf
cSw0l/q7
=C3bz
-----END PGP SIGNATURE-----