-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 28 Dec 2018 18:41:05 +0100 Source: c3p0 Binary: libc3p0-java libc3p0-java-doc Architecture: source all Version: 0.9.1.2-9+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libc3p0-java - library for JDBC connection pooling libc3p0-java-doc - library for JDBC connection pooling (documentation) Closes: 917257 Changes: c3p0 (0.9.1.2-9+deb8u1) jessie-security; urgency=high . * Team upload. * Fix CVE-2018-20433. A XML External Entity (XXE) vulnerability was discovered in c3p0 that may be used to resolve information outside of the intended sphere of control. (Closes: #917257) Checksums-Sha1: 17dc7a9cba3249f72749e681c59ff15f192c2d7e 2302 c3p0_0.9.1.2-9+deb8u1.dsc 95da49a025a38b1fc59ef98516d19a29a8a2e24d 322519 c3p0_0.9.1.2.orig.tar.gz 748b74b70f4bfec97c311771053952395d39307d 10608 c3p0_0.9.1.2-9+deb8u1.debian.tar.xz 48a96f92158c3f720164e637ba393842f4010f02 590844 libc3p0-java_0.9.1.2-9+deb8u1_all.deb d672718cde73c146c6209666417541bcb8e14224 87060 libc3p0-java-doc_0.9.1.2-9+deb8u1_all.deb Checksums-Sha256: cb98bbd1d77474cc51a903e779d3fdd7816df9f1545acd74c570654a2ba50740 2302 c3p0_0.9.1.2-9+deb8u1.dsc c3652787589b62a0da07a40c2387c5b01089631211bfb666cc634610adc1bead 322519 c3p0_0.9.1.2.orig.tar.gz c0b0516801af58cda7fb0dd4ba99311913c54666877732691eac126b6121b936 10608 c3p0_0.9.1.2-9+deb8u1.debian.tar.xz 3b3fba2eec6f40ced4a4d04f9a8ef23df1043f1addb1764e9fc5809823393e40 590844 libc3p0-java_0.9.1.2-9+deb8u1_all.deb af5723dc7acd1b606106ef3dccd52b3ac72e007f6134487769bf894fa5d2ee50 87060 libc3p0-java-doc_0.9.1.2-9+deb8u1_all.deb Files: c17aa819c361c70690ad384847fa4328 2302 java optional c3p0_0.9.1.2-9+deb8u1.dsc fb3241db43d41728895c66205de3aa78 322519 java optional c3p0_0.9.1.2.orig.tar.gz a330a2656ccd897911d07ad807d634df 10608 java optional c3p0_0.9.1.2-9+deb8u1.debian.tar.xz 211edcb017f978ca5cccca131e3001a9 590844 java optional libc3p0-java_0.9.1.2-9+deb8u1_all.deb 8b3b6f865ac658ff658a26ffd93b5f69 87060 doc optional libc3p0-java-doc_0.9.1.2-9+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwmaV5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkV8MP/iIWr13pkjxj448dTNFJbVitj0RuEN2aKRzs F8RnRmLLbdzlxkL8SJtjBAnhoqGqqPecGyq7AmRvAa0gTkUWUnrNfEYrd/7kRL02 ynLYjlZR1LUW1mxjKVGxtCHoPSQSXxusOMzXPxDutlGaqeVOtht0RcJTW/uPyqEf MFtiVYZ2u9EQbTtUBvqaBGeSbJ+X8Tjz9tQYD9YuaIP4caBpIJpm1WjE+3/UfCVk 60HUzWQ199sHt2Ojxr/iKe6WOcO2nPaPQavot60fXWEl/hKhesAni3fHct8e5KzB p0wXHyAyiUq2QvAIieJ7L2q1s5DbFmx97s553IDJY2Ln3tJmb3SGAGdgxZrGEfi2 xTuZEjN4NtGSC08LigLlha6XZGTdyiQQSvOof1qO7pgNGhaGZY411J8zfo2mtVdG FkckrJrLvS+oR3nauBKgGObNIC5o73j1kyrdMc5lJwsa593h7/9R5eO+Z5kSueiV pEUi5dT1cseSrhsB48OlIuIP2Mq/0VWnXrOZogbgMkK34Vfg3xzltZfBAzRcbHHT zBxZxk4XO61kYRiUaR5N+W7FE1toVkunaNGMcBdh2HggFtHf2ujOGyzj4+A+UvVj +35AaWDrVl1QSrrZPJXMrSGyeixZI52tXCwjBOMAU7cJyoH5QtMO3aKehTjnDa5g 9nEho2ZA =rt0S -----END PGP SIGNATURE-----
