Accepted hsqldb 2.7.1-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted hsqldb 2.7.1-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 04 Dec 2022 21:07:58 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: hsqldb_2.7.1-1_source.changes
- Debian-source: hsqldb
- Debian-suite: unstable
- Debian-version: 2.7.1-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=FEeQeItw1HVKzjoL+esTlwU6bxzowMWn0g/uSCD4JmA=; b=Rol+s0yWqV+HDlSizakG4vYv37 uT6zGgpK82uLkf5bITXTTyzvdJijM5TewktybbBVjrQR5bcSuAE0oH72n3VpvYzouCH78IJp2/JLJ zoFT2c0Ku6ILMUTipMXxE6SJAPoH/v5bu41wKDJYLhhlK5KI8X46phP42yAfjY4m8aPJoixnaXCdc L7nt3RVzp4FxuaHDwRNpq8cwpOUCNATkxVsY/LqN5IAmuOxQZPSaA2X1FUOU+Okj8NtqaDykMKEuw 1QbRzgxjSsdoe1IxIeSeHgNpzpQcgp0TnvOrbFknlSYZHKe1IgetjLTjBAh+F5yBJnojb3B0H6eB8 VjM/ZgWQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1p1wDO-00401z-JP@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 04 Dec 2022 21:32:57 +0100
Source: hsqldb
Architecture: source
Version: 2.7.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1023573
Changes:
hsqldb (2.7.1-1) unstable; urgency=medium
.
* New upstream version 2.7.1.
- Fix CVE-2022-41853:
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb
(HyperSQL DataBase) to process untrusted input may be vulnerable to a
remote code execution attack. By default it is allowed to call any static
method of any Java class in the classpath resulting in code execution.
The issue can be prevented by updating to 2.7.1 or by setting the system
property "hsqldb.method_class_names" to classes which are allowed to be
called. For example, System.setProperty("hsqldb.method_class_names",
"abc") or Java argument -Dhsqldb.method_class_names="abc" can be used.
From version 2.7.1 all classes by default are not accessible except those
in java.lang.Math and need to be manually enabled.
(Closes: #1023573)
Checksums-Sha1:
6cb9a2688562741a81eb3da5f4aba832615769a3 2239 hsqldb_2.7.1-1.dsc
5b5cb87b48614f82576faec871e81f2cb308955f 3563928 hsqldb_2.7.1.orig.tar.xz
af0012ae4c3796efdbc75aa9e117e5f17d0996f8 11768 hsqldb_2.7.1-1.debian.tar.xz
5cfbb84418b8f43d5fcad11b2165038d5c819bbf 12702 hsqldb_2.7.1-1_amd64.buildinfo
Checksums-Sha256:
6ea736372faf5af6715ff357193e6156766717e2037b2401d9d05a82cf2a71be 2239 hsqldb_2.7.1-1.dsc
3605a8b3223d98fc0b50aa405ae1b4074be55fc9aaefeb56a441ffb11767e071 3563928 hsqldb_2.7.1.orig.tar.xz
7858f29ce0a472eb03f5e62c8ec4d9e8e0b37373d19c21b2a525233666cd9b0f 11768 hsqldb_2.7.1-1.debian.tar.xz
a3d070c788efd5d5f92361193f0b246fc12e7c1583148088ef2467a1b001a9db 12702 hsqldb_2.7.1-1_amd64.buildinfo
Files:
eb6d2da20a1d3f39add460125f87e374 2239 libs optional hsqldb_2.7.1-1.dsc
695a1f0dbbbcf7e0d700be8cc5b5a4b6 3563928 libs optional hsqldb_2.7.1.orig.tar.xz
4d97fae8b0d5de593d5b68b4370470f5 11768 libs optional hsqldb_2.7.1-1.debian.tar.xz
20e9a0db6ee559dd9d4359a3f11ff2c6 12702 libs optional hsqldb_2.7.1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmONBg5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk6rMP/09n0d+g92W7vfNhXmPwkUczQ/iYeGPKU9QK
XrZm4Oj38JUtt+3uMA2M9eeuV7njRznjN2Bu1K2XKSIV6dRy2ZqfoyE4f7c54TN6
Jayn/UAf5CogPHO9mcM37m5gLKqkyW5V2bu61N70DTAlRDC/XGGe/HTotl2Ttzq9
qxSTh6UHxJS/2PVfQw8LVfCiLAedCyq4Ep/pr9oSJtCBV886V51qsDbTpVljpHWX
ODmlKeQ5R3I3dX6no2yi/yg9j3ZlypBJYcz/JgDx5VFzTieHts7odpbGNiOVxMIF
vuz8UDnahwLmWTKWfcU58UPP++8/xnS6Ih6fvBqRn7EGgeLDzhM3hIrJhmF5LkZO
VD6s9RZmnSkJH4OTv4DnyY5UmfFLJ8HIRAyS43mo6mjYY3U6FZh1rSb6GWlY/2m5
53u/bvWN8hj9cQc/xf5ifv2V24S1O701QO/Xu4rVZTXKnXg/zIXSjoDS2xYtiXdU
/X3pjIfFL4YTItIZQVOfhXM9wW56zjsdplehGJFtKENZH8DnTJCpni5lOAIZTn6G
8hjSD3p6Ue0ywjECg2hWc/ax10UFLxBOvLUpYiv5JFklYkb7B96pnkVvFdJoGHeI
xrqtgXCknE6+RrWiTzY680RxFaCd/IVG1csu5hoNNf1xXQdhIMgrfz167SAwGvDa
s0VPEn5A
=MDn8
-----END PGP SIGNATURE-----