Accepted h2database 1.4.197-4+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 15 Feb 2022 13:35:46 CET
Source: h2database
Architecture: source
Version: 1.4.197-4+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
37601d6f1b61e75c1543742e05fd9a44e53c1020 2315 h2database_1.4.197-4+deb10u1.dsc
3aa85cfe0d1891b656521a624efd1d75c5ed9258 14296 h2database_1.4.197-4+deb10u1.debian.tar.xz
8975512cb1ea2024bf8a01a3940c78b2e261c3be 11933 h2database_1.4.197-4+deb10u1_amd64.buildinfo
Checksums-Sha256:
1564af55cf26118c02eae19ce766fb1eb6b6e77c0dac42ca9fe9efc56356e17c 2315 h2database_1.4.197-4+deb10u1.dsc
e383d48dd6137e07b3d793323c039b8b015513bf9000dc254b00c332253a8532 14296 h2database_1.4.197-4+deb10u1.debian.tar.xz
bddd6f4ddd0441d697587b17413ed8737a9a57b598dd67cfd5f82607a1a3785e 11933 h2database_1.4.197-4+deb10u1_amd64.buildinfo
Changes:
 h2database (1.4.197-4+deb10u1) buster-security; urgency=high
 .
   * Team upload.
   * Security researchers of JFrog Security and Ismail Aydemir discovered two
     remote code execution vulnerabilities in the H2 Java SQL database engine
     which can be exploited through various attack vectors, most notably through
     the H2 Console and by loading custom classes from remote servers through
     JNDI. The H2 console is a developer tool and not required by any
     reverse-dependency in Debian. It has been disabled in (old)stable
     releases. Database developers are advised to use at least version
     2.1.210-1, currently available in Debian unstable.
Files:
e7b37c3b9f627628e5e3d50b2cb6e2f3 2315 java optional h2database_1.4.197-4+deb10u1.dsc
7bf44ce2cbe89ccc3d174e0c592dbc0a 14296 java optional h2database_1.4.197-4+deb10u1.debian.tar.xz
19d552a0044fe08e02c4fb1d72b50fce 11933 java optional h2database_1.4.197-4+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----