• Accepted h2database 1.4.197-4+deb10u1 (source) into oldstable-proposed-

    From Debian FTP Masters@21:1/5 to All on Fri Feb 18 20:20:02 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Tue, 15 Feb 2022 13:35:46 CET
    Source: h2database
    Architecture: source
    Version: 1.4.197-4+deb10u1
    Distribution: buster-security
    Urgency: high
    Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
    Changed-By: Markus Koschany <apo@debian.org>
    Checksums-Sha1:
    37601d6f1b61e75c1543742e05fd9a44e53c1020 2315 h2database_1.4.197-4+deb10u1.dsc
    3aa85cfe0d1891b656521a624efd1d75c5ed9258 14296 h2database_1.4.197-4+deb10u1.debian.tar.xz
    8975512cb1ea2024bf8a01a3940c78b2e261c3be 11933 h2database_1.4.197-4+deb10u1_amd64.buildinfo
    Checksums-Sha256:
    1564af55cf26118c02eae19ce766fb1eb6b6e77c0dac42ca9fe9efc56356e17c 2315 h2database_1.4.197-4+deb10u1.dsc
    e383d48dd6137e07b3d793323c039b8b015513bf9000dc254b00c332253a8532 14296 h2database_1.4.197-4+deb10u1.debian.tar.xz
    bddd6f4ddd0441d697587b17413ed8737a9a57b598dd67cfd5f82607a1a3785e 11933 h2database_1.4.197-4+deb10u1_amd64.buildinfo
    Changes:
    h2database (1.4.197-4+deb10u1) buster-security; urgency=high
    .
    * Team upload.
    * Security researchers of JFrog Security and Ismail Aydemir discovered two
    remote code execution vulnerabilities in the H2 Java SQL database engine
    which can be exploited through various attack vectors, most notably through
    the H2 Console and by loading custom classes from remote servers through
    JNDI. The H2 console is a developer tool and not required by any
    reverse-dependency in Debian. It has been disabled in (old)stable
    releases. Database developers are advised to use at least version
    2.1.210-1, currently available in Debian unstable.
    Files:
    e7b37c3b9f627628e5e3d50b2cb6e2f3 2315 java optional h2database_1.4.197-4+deb10u1.dsc
    7bf44ce2cbe89ccc3d174e0c592dbc0a 14296 java optional h2database_1.4.197-4+deb10u1.debian.tar.xz
    19d552a0044fe08e02c4fb1d72b50fce 11933 java optional h2database_1.4.197-4+deb10u1_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----
