Your message dated Wed, 05 Aug 2020 13:18:33 +0000
with message-id <[email protected]>
and subject line Bug#962828: fixed in libpgjava 42.2.12-2
has caused the Debian Bug report #962828,
regarding libpgjava: CVE-2020-13692
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
962828: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962828
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libpgjava
Version: 42.2.12-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for libpgjava.
CVE-2020-13692[0]:
| PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-13692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13692
[1] https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libpgjava
Source-Version: 42.2.12-2
Done: Michael Banck <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libpgjava, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Banck <[email protected]> (supplier of updated libpgjava package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 23 Jun 2020 16:07:07 +0200
Source: libpgjava
Architecture: source
Version: 42.2.12-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: Michael Banck <[email protected]>
Closes: 962828
Changes:
libpgjava (42.2.12-2) unstable; urgency=medium
.
* Team upload.
* debian/patches/05-cve-2020-13692.patch: New patch, fixes XML External
Entity (XXE) injection (CVE-2020-13692, Closes: #962828).
https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---