-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 10 Aug 2020 13:49:48 +0200 Source: libpgjava Architecture: source Version: 42.2.15-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Christoph Berg <myon@debian.org> Changes: libpgjava (42.2.15-1) unstable; urgency=medium . * New upstream version. + Fixes XML External Entitiy (XXE) injection (CVE-2020-13692). https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html * Switch to src tarballs from maven repo, the upstream git repo tarballs need gradle to compile. (https://github.com/pgjdbc/pgjdbc/issues/1440) * Force doc build to be in English. * Remove missing test dependencies: classloader-leak-test-framework: Not packaged junit: Packaged, but mvn doesn't find it jupiter: Missing on older distributions. * Defang package-contains-ancient-file caused by 1970 README.md. * Test both md5 and scram-sha-256 connections. * DH 13. Checksums-Sha1: 8d365e2f084d38fdc06e5600a600a9d5af724f06 2560 libpgjava_42.2.15-1.dsc 36a1f7411b1700ad6fc9c4a592ea1763e0487cb0 903018 libpgjava_42.2.15.orig.tar.gz 438c8a38a1f36a302a1fc9bb9a82e74b88c2f8ee 9728 libpgjava_42.2.15-1.debian.tar.xz Checksums-Sha256: cc4d1d8ef1018db755bbc9e37e78073040693eeb4eb8ecd073af2b723e8764fa 2560 libpgjava_42.2.15-1.dsc fd34f1d133bf9df29fa853bea44029ba22b00a478984d7233fb6218b66d47a8f 903018 libpgjava_42.2.15.orig.tar.gz 1534ebffd429fb777ccb9504502a9d364765d05c0b5000705e1d99a26d0a558e 9728 libpgjava_42.2.15-1.debian.tar.xz Files: 4a3ba222025dd3254bfe55e6a48fee5e 2560 java optional libpgjava_42.2.15-1.dsc 27ec7ca1fe1059eb9cc5014de76176f3 903018 java optional libpgjava_42.2.15.orig.tar.gz 9a253f405fdd59455be07090497626de 9728 java optional libpgjava_42.2.15-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAl8xQUQACgkQTFprqxLS p67eDBAAh9kC1xKZ1sMJZhF4tHdNzJOhUuV0q0UGuMYVLnyDJOHSd7OwTm5e2op8 yq8pIQ0HPOJjvBFcbcGOyyfn2Q4bd4nBeWxguOi0ClmP2G/5Ur3/s6sgJ3LUFZZJ tXXX4sV9/0quK+pPixnIg/L5K20Rz8TGrctF0GPoYwh2mbaw9KfpXmguHtpyTA8U oqGm3NQoUUtNRn9iU7BfMt9IRs8L4Jb4jQ4EFernFBiWWmvETX+eVaUlFu+f/wby zURVpl1c7EMONGmCUve0BLIVAzZzzVXEOYVdL+iW9Gkdqv6VNi9HapF1xo/K6ed0 PDfmtl7kMcwsRLW4k5PkiCAre0aujiVbhiIVrO9feRT7PeY65zFG0mxN+pLwM4Na 3DvPBwwuyQNWiQLOgF+pSrpBlIUiPntTooHb1MCR9lLxi8hQSqEhwORmopnqQyxo ygd03nbJzCTCfDUuZmi2+NiRdPuMMvvzNkwU++ovMRW2PNQF/NaB2MSvKwkzMTX+ GwR5CKVrEadIwwckBnQsfZnqkBOgwE7Ws+bAS+7zgNJVfeZhKcZ1V1P75X6klBKM K+1a1azS7gEhFV94QHHel42nhAgUg7wPtBbMx7eDK1euSSTntqQUEYrb8YJRJ9wZ 9fEdfuWjiPBxGtY3Tn7z4NKZe25XXskDLWO1IdtSCzii53HMRz8= =ZEyb -----END PGP SIGNATURE-----