Format: 1.8
Date: Sun, 04 Dec 2022 21:32:57 +0100
Source: hsqldb
Architecture: source
Version: 2.7.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1023573
Changes:
 hsqldb (2.7.1-1) unstable; urgency=medium
 .
   * New upstream version 2.7.1.
     - Fix CVE-2022-41853:
       Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb
       (HyperSQL DataBase) to process untrusted input may be vulnerable to a
       remote code execution attack. By default it is allowed to call any
       static method of any Java class in the classpath resulting in code
       execution. The issue can be prevented by updating to 2.7.1 or by
       setting the system property "hsqldb.method_class_names" to classes
       which are allowed to be called. For example,
       System.setProperty("hsqldb.method_class_names", "abc") or Java argument
       -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all
       classes by default are not accessible except those in java.lang.Math
       and need to be manually enabled.
       (Closes: #1023573)