-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 Jun 2023 22:53:03 CEST
Source: hsqldb1.8.0
Architecture: source
Version: 1.8.0.10+dfsg-10+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian LibreOffice Maintainers <debian-openoffice@lists.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 6a6e39360a108498d5ef8f9a77057c82eaeb2934 2104 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.dsc
 8d521d1c7eb09ad10f620c6c71efbcc28fa1c98f 2917677 hsqldb1.8.0_1.8.0.10+dfsg.orig.tar.gz
 640890ebabcc27634e01a238cac703764bd25a22 30315 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.diff.gz
 aba567e3a4268854164b8cbc168c3fc0f7d05ed3 11441 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1_amd64.buildinfo
Checksums-Sha256:
 ba52861a22e524fc4c01b79eef4702ca1bacc88d4f7c631f2734f190509523aa 2104 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.dsc
 e555da47b3c1c3f364de2297b2c2b76113fbbd903604d6a0a6f782b060a16f48 2917677 hsqldb1.8.0_1.8.0.10+dfsg.orig.tar.gz
 b5a9f45d91b31ea89e7d4e367524de5cd0018c9148a16dac90cb3bf0497e790d 30315 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.diff.gz
 6fa45490709b2906a24f3168e9db1edd435522223d66c32300fc8628c332cdff 11441 hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1_amd64.buildinfo
Changes:
 hsqldb1.8.0 (1.8.0.10+dfsg-10+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2023-1183: Gregor Kopf of Secfault Security GmbH discovered that
     HSQLDB, a Java SQL database engine, allowed the execution of spurious
     scripting commands in .script and .log files. Hsqldb supports a "SCRIPT"
     keyword which is normally used to record the commands input by the
     database admin to output such a script. In combination with LibreOffice,
     an attacker could craft an odb containing a "database/script" file which
     itself contained a SCRIPT command where the contents of the file could be
     written to a new file whose location was determined by the attacker.
Files:
 0651703410160af414888a2155d26daa 2104 oldlibs optional hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.dsc
 dbb18b7849edc08e4bfb73552039e828 2917677 oldlibs optional hsqldb1.8.0_1.8.0.10+dfsg.orig.tar.gz
 eb3e2a48fd8fcee3acdcd1f43a8c0cd0 30315 oldlibs optional hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1.diff.gz
 afb6646d4c35e0c0b1cb7b657b14bcf4 11441 oldlibs optional hsqldb1.8.0_1.8.0.10+dfsg-10+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----