Forum: >>> Magnum BBS <<<

Accepted libpgjava 42.2.5-2+deb10u1 (source) into oldstable-proposed-up

From Debian FTP Masters@21:1/5 to All on Tue Aug 2 21:50:01 2022

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 28 Jul 2022 00:31:50 CEST
Source: libpgjava
Architecture: source
Version: 42.2.5-2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
1f13181b2e46262b95aed4c1c5e1e0c9f13f602a 2736 libpgjava_42.2.5-2+deb10u1.dsc
fcebf49b3048c9a661a399e76a4e73fa769cdb23 1372434 libpgjava_42.2.5.orig.tar.gz
9c618cebac3709a9d0bb3adb71dd4b99ccc7eea2 20516 libpgjava_42.2.5-2+deb10u1.debian.tar.xz
cd89009c2eb1ff19e18694d1ed7b0f1a0f4e392a 14231 libpgjava_42.2.5-2+deb10u1_amd64.buildinfo
Checksums-Sha256:
ce3f847d1b4b755dc3424f213a41758f3a1e378fdb183287a1b67d0d128ebc2e 2736 libpgjava_42.2.5-2+deb10u1.dsc
cb4873b0b0194ca7a5ac47033dd6dbe7b2798b98573ec810b8b7c4792ffe51b2 1372434 libpgjava_42.2.5.orig.tar.gz
318b620f58f03f981e60d27ba4f66bed2b689718043e6b60ab00d8a6577945f3 20516 libpgjava_42.2.5-2+deb10u1.debian.tar.xz
4579e626166326684fbe4fe21535bb9f4283e2fe135aaf075f2b810e5fc16f9d 14231 libpgjava_42.2.5-2+deb10u1_amd64.buildinfo
Closes: 962828
Changes:
libpgjava (42.2.5-2+deb10u1) buster-security; urgency=high
.
* Team upload.
* Fix CVE-2022-26520:
An attacker (who controls the jdbc URL or properties) can call
java.util.logging.FileHandler to write to arbitrary files through the
loggerFile and loggerLevel connection properties.
* Fix CVE-2022-21724:
The JDBC driver did not verify if certain classes implemented the expected
interface before instantiating the class. This can lead to code execution
loaded via arbitrary classes.
* CVE-2020-13692: Fix XXE vulnerability in PgSQLXML by disabling external
access and doctypes. (Closes: #962828)
Files:
65fa861446f001eef1b506365638fd7f 2736 java optional libpgjava_42.2.5-2+deb10u1.dsc
26f2739929269bf6e7b3f687d1e7f242 1372434 java optional libpgjava_42.2.5.orig.tar.gz
1f89893d5ca37b504f83ddbf9e638dfe 20516 java optional libpgjava_42.2.5-2+deb10u1.debian.tar.xz
18a0c8f657b0f23209dbd06e9fa7f433 14231 java optional libpgjava_42.2.5-2+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLhvNpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkZM0QAM5vQpcGKwjm7aiLjNpPdan1ZpFJpldAnJJX /2NiFejhR9E7akC9fEYR3ni/WQ07R3ZbllP9gbiIC08c6sIaWopn8rY+cZxafgoU 1IwHS6Ij/cusEGdZzG2g8LU5TDibO69WJbvkZui1zOfhDdCkAcAaynl7fLJJhKxK IH9fUu0tlCxXuBJJtkGEUsytuNBg2B9w/yy+huArjidKCPd38GONUlPPlAYEK6pa Q7xUcKurBxkNFzxv3r+q4/dxTjGCCvTLepqauItE9i+FVF1m8ioJDK0LHnsspniJ d/zH/FQnXCLCVJYb/VIm5kGzahRKWW8tgZqwrtPb7gd3UuTwrgUZyA3BuorQA/wo cDf5ibJWVu0fs3vWxZ3xSFPxTZGxmCAVszuzZA8/qoaDONGHCT+ECViVHReZ/8D5 5w1vie4CZ6Oi9r9J0jKkvknT8AChS8ZcVd/SMT1md8byC5zY3NbIx3l3x3k4GxjD s8fz5DQ3EzgErmVzz+0ZiLk3xzqp6uPTCoDFxZPP/aBD1Ib1Rx2llDL0Paxbg9RR A9pITcyZ6yyJuDxgipciLjPTTHtjtVrdfRLbEEve+XFhBke3bsVVKEqWfdqXxtrO 2zspLyXOCeim2yW/7Xzxu/ocN7x1CavnbDXhkclEZ1J60S9VmX7GLqR/5gxGgDTc
sQxPyeVN
=qf5d
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Smithy
  Fri Apr 19 18:53:54 2024
  from Plymouth via Telnet
- Bob Worm
  Fri Apr 19 14:04:19 2024
  from Wales, Uk via Telnet
- Richard
  Fri Apr 19 12:43:01 2024
  from Leeds, Uk via SSH
- Bob Worm
  Fri Apr 19 09:15:26 2024
  from Wales, Uk via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	293
Nodes:	16 (2 / 14)
Uptime:	228:39:21
Calls:	6,624
Calls today:	6
Files:	12,171
Messages:	5,318,994

Accepted libpgjava 42.2.5-2+deb10u1 (source) into oldstable-proposed-up

Who's Online

Recent Visitors

System Info