Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted libpgjava 42.2.5-2+deb10u2 (source) into oldstable
Date: Fri, 07 Oct 2022 18:00:21 +0000
Signed by: Chris Lamb <lamby@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 07 Oct 2022 10:46:08 -0700
Source: libpgjava
Architecture: source
Version: 42.2.5-2+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1016662
Changes:
 libpgjava (42.2.5-2+deb10u2) buster-security; urgency=high
 .
   * CVE-2022-31197: Prevent a SQL injection vulnerability caused by the lack of
     escaping of column names. A malicious user could have crafted a schema that
     caused an application to execute commands as a privileged user.
     (Closes: #1016662)
Checksums-Sha1:
 1bf056ceb945d3cb591f18bd37d9d332148f967d 2585 libpgjava_42.2.5-2+deb10u2.dsc
 246426838c07688b8cc40bd6c3abedbff51b2ad8 21268 libpgjava_42.2.5-2+deb10u2.debian.tar.xz
 61b1b93269a9a9c96a99eeda4d0b95e0523f91b1 14040 libpgjava_42.2.5-2+deb10u2_amd64.buildinfo
Checksums-Sha256:
 ba7875ff4d5bb1240c5dbcedb36c0aa590ea6185c73eea9710524260a6486543 2585 libpgjava_42.2.5-2+deb10u2.dsc
 54fc3448133fe3fce1b622220a7be39456df75718c7cfed436a642dabcd6cdb3 21268 libpgjava_42.2.5-2+deb10u2.debian.tar.xz
 837619a0c67630ca318d73bf153cbb950e1b4fa1e64ac6554c12d4daff37ebef 14040 libpgjava_42.2.5-2+deb10u2_amd64.buildinfo
Files:
 ac97b8f95d635ea48f5334c1b0da7c96 2585 java optional libpgjava_42.2.5-2+deb10u2.dsc
 b37b895b501bba4626db03a31a2ab8ce 21268 java optional libpgjava_42.2.5-2+deb10u2.debian.tar.xz
 98fd6917588df8d8464e365d014fec48 14040 java optional libpgjava_42.2.5-2+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmNAaDAACgkQHpU+J9Qx
HlhJlQ//ViMWkDkm6xHzg6xutVVXJnM4O/SncYubbVIvhMzflnd8YbaDGN431soH
oUql+jR+5Gk4xAsjPNiJYwo6NGaPUzWjJKvMCY0a5gnPxEFinZhsAQlqedd+w9Dk
HXto0ci8W4zB8Ccu7gvMJUTiFkf0TURW0idtVGXrX/Oc+t4Cww2qDIgRLpSWbN73
i/3IIDh8WUsrkSrnj89nN/ljeLZMX55g0yxjEE3hh1Jh5wD1tlNGqb4RfzG3CX+r
tjR4/aux3xXTFiEk6zy7V02aMcYYla5FoIZ9EzaZXzUXzllq8C1s932LRTKuDbhe
io+JcaqQkSSo3vd6ZOQTks3ZrKOlyBI4/r8yZcP1pFJ5394oD4ttiNG9L9rJ6+Ku
GyYi+fRpLuIJGRpwkCzvQBvkXc9UG+zTGjkbPh9yVc3pAKjiQVPn5uivERtWOS9H
I2jl6BiP9Salzr8ZySS1Jr+9iDcndrYWvmo7ziV/Dx6w53msGOSUErgRilTK8BjA
mEoJKRAEl5X8yzMru7t24VkzAt9Ioii1PRrqQWlNhCMVHYrX7nZF5EtP6RCc2CYD
4TyOlB2euzzEAtxz7hmhKwwSK5ivNSc7D9QxtBiRpz2nK2e+0yun/Os8VuLP89dP
bZfhFkha2Pp8VmnIHydjaira1Xe3KJ5OTxyJPNbh59omDtIWj14=
=8di/
-----END PGP SIGNATURE-----

News for package libpgjava