Accepted libpgjava 42.2.15-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted libpgjava 42.2.15-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 06 Aug 2022 21:02:10 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=1W6E2h0kMDGYuLJUv9fVkLiQvdM4bK9+u21n9nvyc0w=; b=C1NRmOQyeRkqzkDjGv+JXMVtMc 3bWSHzkPg5ItZE8LGTZMgxa4NMmSScuUKgt6SRE0VHpAISF1kD6YQBMO9ipyTXx78BKV/Taf0CPUg N8L7u1kWJYoiBLCPlEqM0GXlZ4TImVIR1xEgfUC7H/2XBbwgfwyzerTj5Azg9nSmlQT1KlU+DhY77 qodur7FSk4nEOEBew3UOGCuY8gMAjRP0a0fqoy6p+94gjA7urnZ3z3XJ49XTXo80Fj+Ywjdbk9/Go Ymtuw9QEES7Lsm2dexCSskbPeqaFKeb8mtf3XOODod/twn2oki5NUiLujK8nzRknM3D0+v59FBlf4 JtTa01Yg==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1oKQvy-00HGx8-2M@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 27 Jul 2022 23:09:55 CEST
Source: libpgjava
Architecture: source
Version: 42.2.15-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
85ae95d20d3aac351a085ac3f5855eb9a34cccf4 2746 libpgjava_42.2.15-1+deb11u1.dsc
36a1f7411b1700ad6fc9c4a592ea1763e0487cb0 903018 libpgjava_42.2.15.orig.tar.gz
aa8f4aa31a801678b2e0d424ba40219e06a4f15c 15536 libpgjava_42.2.15-1+deb11u1.debian.tar.xz
e61a9df7894045ea80ae625646cccd22d6788cdd 14524 libpgjava_42.2.15-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
953033b870e91ca745830146b3e300bff162cc35de11dd4bbb4c15dcb2adc75a 2746 libpgjava_42.2.15-1+deb11u1.dsc
fd34f1d133bf9df29fa853bea44029ba22b00a478984d7233fb6218b66d47a8f 903018 libpgjava_42.2.15.orig.tar.gz
610d614f43632bac68ce5ca0762c9a3c74f45ad4d450e99a3c81bad443f4d488 15536 libpgjava_42.2.15-1+deb11u1.debian.tar.xz
30aa78fe08408736b1208fa6c66d2fa2a61277a9773415b013c92c78a8c19955 14524 libpgjava_42.2.15-1+deb11u1_amd64.buildinfo
Changes:
libpgjava (42.2.15-1+deb11u1) bullseye-security; urgency=high
.
* Team upload.
* Fix CVE-2022-26520:
An attacker (who controls the jdbc URL or properties) can call
java.util.logging.FileHandler to write to arbitrary files through the
loggerFile and loggerLevel connection properties.
* Fix CVE-2022-21724:
The JDBC driver did not verify if certain classes implemented the expected
interface before instantiating the class. This can lead to code execution
loaded via arbitrary classes.
Files:
6217c286a442eb00b3b008af6f4c4f0c 2746 java optional libpgjava_42.2.15-1+deb11u1.dsc
27ec7ca1fe1059eb9cc5014de76176f3 903018 java optional libpgjava_42.2.15.orig.tar.gz
c1e9e7b121be7214ebb80176c0c27952 15536 java optional libpgjava_42.2.15-1+deb11u1.debian.tar.xz
ddae6da2b4256e4d50461c4d0addeb63 14524 java optional libpgjava_42.2.15-1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLhxqJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkBtoQAMalk8QW+yyrE9nT7R2w+c8LZUMVQcvq60YO
0gCpDPeWOW1zrkbTr6+Tx/Ag5dOGjXlypmbzKX1k8GHARtbkx9n9kpN0nbbjW3iT
Y8ag7BtR1MSF/0+9kfpWpxCQeNYZVkYazq8+7do2EfSqZO3t+VGnVchemxxfgO++
XNfOb/nK+1ozoV0hVm06GwHyqo/Hs7buVQ/QwFzyVBZS8nUOAyrAM/BjHAnJwQw4
zElJoZOikY1SP5nw98aqQxcRs7II2lxObfbo9DyS3QLNKVaNv+d6TTS6/pwQQG0T
FTP/uKQTR9vFxUGIcsjQTLJYmpNwhi/n0SlNkc2bP4WUvaiEMwuXJd3bYvJ7Kg1U
TaajCh1dshB35HkWYVlhiTuVRGNFtchKnfY6+QVP5h8BrAWXzLJ+zRZDh184407E
LSfDVW7nlCpOSjQBUkyHpzrkZ3476i+/SaR0WYBfPNVqjdQxKOQh1XisECVOPrSe
FEZBkI2Ee7FBxGuZUHXbXlwJ3uUuea3JsumCAA4dbo9y4RAj/DpD9OxXcDrzwd0X
n47gIxlVZ84CuFiKP2PrOFTPK1nxX6HgQYTromoqZUdLnEFRDnnOkhTBSGhsSl5T
h/FjFfg+LRGqiv/nMCm5k1FIrjLApXvD33hpHjrT3/6r5lY9o7dB14+5Q3VPNzu4
AKpuuPIX
=efyW
-----END PGP SIGNATURE-----