Accepted libpgjava 42.4.1-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted libpgjava 42.4.1-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 08 Aug 2022 13:34:59 +0000
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1oL2uJ-008Dok-Tm@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 08 Aug 2022 14:53:28 +0200
Source: libpgjava
Architecture: source
Version: 42.4.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Closes: 1016662
Changes:
libpgjava (42.4.1-1) unstable; urgency=medium
.
* New upstream version 42.4.1
.
Fixes SQL generated in PgResultSet.refresh() to escape column identifiers
so as to prevent SQL injection.
(Closes: #1016662, CVE-2022-31197, reported by Sho Kato)
.
Previously, the column names for both key and data columns in the table
were copied as-is into the generated SQL. This allowed a malicious table
with column names that include a statement terminator to be parsed and
executed as multiple separate commands.
Checksums-Sha1:
38593061c6f546a2e58e17fe20bb907bc9954d9e 2565 libpgjava_42.4.1-1.dsc
24ceaca7673c07ae625a8f02341fa2b115e8478e 969554 libpgjava_42.4.1.orig.tar.gz
ce7c1d32d2a31320cd701cf9404577961b62d427 10228 libpgjava_42.4.1-1.debian.tar.xz
Checksums-Sha256:
7e0a77fe37b1ae197a50fd5e1e45272d99192eb136e68b150fed81603f3b1159 2565 libpgjava_42.4.1-1.dsc
edf1ead37f4d64f97e0d18a59b9a81f8d6cab7bdc523c9c4f20f742387d1d9af 969554 libpgjava_42.4.1.orig.tar.gz
eeb5438eec8284a7af4a876f149cdf4a77df02702d327db3ed111890253c493b 10228 libpgjava_42.4.1-1.debian.tar.xz
Files:
01f4d43ab2ed41aa61eaecc6619bef47 2565 java optional libpgjava_42.4.1-1.dsc
43b21d1f2511373d8182c517c3b4cb11 969554 java optional libpgjava_42.4.1.orig.tar.gz
ded5f3dbae97f8f89387558a4299b1a0 10228 java optional libpgjava_42.4.1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
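
The changelog entry above describes column names being copied as-is into generated SQL. The following is an added example, not pgjdbc code and not part of the original message: it builds a refresh-style SELECT with and without identifier quoting. The class, method names and sample column names are hypothetical, and the table name is assumed trusted.

```java
import java.util.List;
import java.util.stream.Collectors;

// Added illustration; not pgjdbc source. All names here are hypothetical.
public class RefreshSqlDemo {

    // Quote an identifier the PostgreSQL way: wrap it in double quotes and
    // double any embedded double quote. NUL cannot appear in an identifier.
    static String quoteIdentifier(String name) {
        if (name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("NUL character in identifier");
        }
        return "\"" + name.replace("\"", "\"\"") + "\"";
    }

    // "Before": column names are concatenated into the statement unchanged,
    // so a terminator inside a name ends the SELECT early.
    static String refreshSqlUnquoted(String table, List<String> cols, List<String> keys) {
        String where = keys.stream().map(k -> k + " = ?")
            .collect(Collectors.joining(" AND "));
        return "SELECT " + String.join(", ", cols) + " FROM " + table + " WHERE " + where;
    }

    // "After": every data and key column identifier is quoted first, so the
    // whole name, terminator included, is parsed as one identifier.
    static String refreshSqlQuoted(String table, List<String> cols, List<String> keys) {
        String select = cols.stream().map(RefreshSqlDemo::quoteIdentifier)
            .collect(Collectors.joining(", "));
        String where = keys.stream().map(k -> quoteIdentifier(k) + " = ?")
            .collect(Collectors.joining(" AND "));
        return "SELECT " + select + " FROM " + table + " WHERE " + where;
    }

    public static void main(String[] args) {
        // Constructed sample: one column name contains a statement terminator,
        // another contains a double quote that must be doubled.
        List<String> cols = List.of("id", "note; SELECT 1 --", "say \"hi\"");
        List<String> keys = List.of("id");
        System.out.println("unquoted: " + refreshSqlUnquoted("t", cols, keys));
        System.out.println("quoted:   " + refreshSqlQuoted("t", cols, keys));
    }
}
```

Comparing the two printed statements shows where the unquoted form splits into a second command and how the quoted form keeps the same text inside a single identifier.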