Accepted hsqldb 2.4.1-2+deb10u2 (source) into oldoldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted hsqldb 2.4.1-2+deb10u2 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 21 Jun 2023 23:00:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: hsqldb_2.4.1-2+deb10u2_source.changes
- Debian-source: hsqldb
- Debian-suite: oldoldstable
- Debian-version: 2.4.1-2+deb10u2
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qC6oF-00Ersg-R4@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 22 Jun 2023 00:45:34 CEST
Source: hsqldb
Architecture: source
Version: 2.4.1-2+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
52bac78a2dad0492ddca606efee398d170144d3c 2264 hsqldb_2.4.1-2+deb10u2.dsc
b926a6509588ea0855f355661b9d411e9f667070 12316 hsqldb_2.4.1-2+deb10u2.debian.tar.xz
fc756d6130fdb8ccd39142a613c70e6b0c3a836f 11902 hsqldb_2.4.1-2+deb10u2_amd64.buildinfo
Checksums-Sha256:
a84c9c57a5160238bd028331a95ec7bf82ade032feaea86ea32d78eaef5fc476 2264 hsqldb_2.4.1-2+deb10u2.dsc
ea217e101b31bb81518f6e1c5d1f9a97e2347780b5486b36b0f4ab2e32ca79d0 12316 hsqldb_2.4.1-2+deb10u2.debian.tar.xz
e9c15d04c0b6fb9bf8ea6559af4644804fe2e93f12ad29e7d8e8a444778b667e 11902 hsqldb_2.4.1-2+deb10u2_amd64.buildinfo
Changes:
hsqldb (2.4.1-2+deb10u2) buster-security; urgency=high
.
* Team upload.
* Fix CVE-2023-1183:
Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL
database engine, allowed the execution of spurious scripting commands in
.script and .log files. Hsqldb supports a "SCRIPT" keyword which is
normally used to record the commands input by the database admin to output
such a script. In combination with LibreOffice, an attacker could craft an
odb containing a "database/script" file which itself contained a SCRIPT
command where the contents of the file could be written to a new file whose
location was determined by the attacker.
Files:
8823a9718ad60a5eb0079c585e8279f6 2264 libs optional hsqldb_2.4.1-2+deb10u2.dsc
38ab13ba85fc1ac6fd6c17a5820f8a96 12316 libs optional hsqldb_2.4.1-2+deb10u2.debian.tar.xz
9811450d134b432630e7027dd88dc506 11902 libs optional hsqldb_2.4.1-2+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
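
A triage check for the condition the CVE-2023-1183 entry above describes, added here as an example and not part of the upload notice, the Debian patch or HSQLDB itself: it opens an .odb container and reports any statement in its "database/script" entry whose first keyword is SCRIPT. The function names, the line-start matching rule and the sample documents are assumptions constructed for this illustration.

```python
import io
import re
import zipfile

# Entry name taken from the advisory text. The regex is an assumption:
# a statement whose first keyword is SCRIPT, matched case-insensitively.
SCRIPT_ENTRY = "database/script"
SCRIPT_STMT = re.compile(r"^\s*SCRIPT\b", re.IGNORECASE)


def find_script_commands(odb_bytes):
    """Return [(line_number, statement)] for SCRIPT statements in database/script."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(odb_bytes))
    except zipfile.BadZipFile as exc:
        raise ValueError("not a ZIP-based .odb container") from exc
    with archive:
        if SCRIPT_ENTRY not in archive.namelist():
            return []  # no embedded HSQLDB script, nothing to inspect
        text = archive.read(SCRIPT_ENTRY).decode("utf-8", errors="replace")
    return [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
            if SCRIPT_STMT.match(line)]


def make_sample_odb(script_lines):
    """Build a constructed .odb-like ZIP in memory (fixture for this example)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.base")
        z.writestr(SCRIPT_ENTRY, "\n".join(script_lines) + "\n")
    return buf.getvalue()


# Constructed samples: one ordinary script, one carrying a SCRIPT statement.
CLEAN = make_sample_odb(["CREATE SCHEMA PUBLIC AUTHORIZATION DBA",
                         "CREATE TABLE NOTES(ID INTEGER, DESCRIPTION VARCHAR(64))"])
SUSPECT = make_sample_odb(["CREATE SCHEMA PUBLIC AUTHORIZATION DBA",
                           "script 'CONSTRUCTED-PLACEHOLDER-PATH'"])

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, find_script_commands(blob))
```

A hit is a reason to quarantine the document for review on hosts that have not yet installed 2.4.1-2+deb10u2; an empty result does not replace applying the update.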