1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted h2database 1.4.197-4+deb11u1 (source) into proposed-updates->s

    From Debian FTP Masters@21:1/5 to All on Fri Feb 18 20:20:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Tue, 15 Feb 2022 13:20:15 CET
    Source: h2database
    Architecture: source
    Version: 1.4.197-4+deb11u1
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
    Changed-By: Markus Koschany <apo@debian.org>
    Checksums-Sha1:
    a8ddbbd2ac2ac413f5f0d3f58bc49508985fe6f3 2315 h2database_1.4.197-4+deb11u1.dsc
    56da99c098a24385fb66669716e4ee7e3c42e94c 2285716 h2database_1.4.197.orig.tar.xz
    be9ba7dda01c1320eb8e08fd5f924e77ec11778e 14296 h2database_1.4.197-4+deb11u1.debian.tar.xz
    ec5370d233860583f4aa8a40b941cd11d897e55b 11966 h2database_1.4.197-4+deb11u1_amd64.buildinfo
    Checksums-Sha256:
    7bec4870910f72caa895c6059636bc603787274e2452da9f05171df6f89dc6ea 2315 h2database_1.4.197-4+deb11u1.dsc
    728b1171cbfd160a84c246463e0df700c08ed6c49ef30a37663b209bba0bf420 2285716 h2database_1.4.197.orig.tar.xz
    28845adce5b5df9f74f26a8710c705aca890ff4a39478bc7369d647b9f46a5a3 14296 h2database_1.4.197-4+deb11u1.debian.tar.xz
    bf6148b7ce3177cbb29f1da52f6aec83412cbb54ed8d2ad7b3fffb1f6318f2e7 11966 h2database_1.4.197-4+deb11u1_amd64.buildinfo
    Changes:
    h2database (1.4.197-4+deb11u1) bullseye-security; urgency=high
    .
    * Team upload.
    * Security researchers of JFrog Security and Ismail Aydemir discovered two
    remote code execution vulnerabilities in the H2 Java SQL database engine
    which can be exploited through various attack vectors, most notably through
    the H2 Console and by loading custom classes from remote servers through
    JNDI. The H2 console is a developer tool and not required by any
    reverse-dependency in Debian. It has been disabled in (old)stable
    releases. Database developers are advised to use at least version
    2.1.210-1, currently available in Debian unstable.
    Files:
    a1ecfac9fe72ef8b42f4e89ab34b260c 2315 java optional h2database_1.4.197-4+deb11u1.dsc
    2cba84c41b2cefb0b0df2dee824302de 2285716 java optional h2database_1.4.197.orig.tar.xz
    247970517769111a7a3be3a18ac50b9f 14296 java optional h2database_1.4.197-4+deb11u1.debian.tar.xz
    e6f18571933dbed6eb9afff89de12825 11966 java optional h2database_1.4.197-4+deb11u1_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmILmrZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkigYQAJgLTLX+jlofqONVeCpeH8FJMXx3/q3aKxt3 m68xi8DP39M14leuYJKB2rwgmUXj9W2jOW4PNMipqAm2vaiLQJXZ9TNJ5x0IGXs0 aK1xfU3jHTSMtrhyt8AEBVDDQ0Vat08ugZ6nmrUPRE0dkLwPJq1Mdq/FYdf1HQDC 55Av7r3I9DM60KldVmlBkfhnMFdAL2Yd3gOLKiVL3OGh3YnMXtk7YsgtnzOTfVgO /nJf/rhtvwjyjYQzNGJLDFv+trE14LPJY6VdN2lHxiTNi0Scz9sfSHO0mJJPtzBF ozGMGaqbb5HREeGrNvvoYIGJ90ry468jj/rSal28cgZYpyDKMquvmIdIbzaxAVZ8 FMG0NB0kIyR3wbrJ9Bi09XmBwv5a3UJIIbwSbwlYt24ntl6Bbhe9TR8ury3xOcEY 3qmVITVBl34ltRi9XdjyuViP1Z/95vQ42DLMGjXpvfDYelcxuSz5Au0fr2ZTo+ZG kEQQf+AP5YA8HCskeMlER3/hLGNK9us5GyI75UmJjHHaGy1aogY5KFa8BnrekANJ 9THuS7BxjA1rFpt/e9MBSyZsAMhWDqzEgEc3z9Esm0wO65fbZhDKFUK3GnvEgRmG YQ2+Jw/59FRyG26qjtsOKRvqxkxrGXUWhIraosDTT0jrnWTf3+NHNzDWiSJDtaHf
    cSw0l/q7
    =C3bz
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)