-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 27 Jul 2022 23:09:55 CEST Source: libpgjava Architecture: source Version: 42.2.15-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Checksums-Sha1: 85ae95d20d3aac351a085ac3f5855eb9a34cccf4 2746 libpgjava_42.2.15-1+deb11u1.dsc 36a1f7411b1700ad6fc9c4a592ea1763e0487cb0 903018 libpgjava_42.2.15.orig.tar.gz aa8f4aa31a801678b2e0d424ba40219e06a4f15c 15536 libpgjava_42.2.15-1+deb11u1.debian.tar.xz e61a9df7894045ea80ae625646cccd22d6788cdd 14524 libpgjava_42.2.15-1+deb11u1_amd64.buildinfo Checksums-Sha256: 953033b870e91ca745830146b3e300bff162cc35de11dd4bbb4c15dcb2adc75a 2746 libpgjava_42.2.15-1+deb11u1.dsc fd34f1d133bf9df29fa853bea44029ba22b00a478984d7233fb6218b66d47a8f 903018 libpgjava_42.2.15.orig.tar.gz 610d614f43632bac68ce5ca0762c9a3c74f45ad4d450e99a3c81bad443f4d488 15536 libpgjava_42.2.15-1+deb11u1.debian.tar.xz 30aa78fe08408736b1208fa6c66d2fa2a61277a9773415b013c92c78a8c19955 14524 libpgjava_42.2.15-1+deb11u1_amd64.buildinfo Changes: libpgjava (42.2.15-1+deb11u1) bullseye-security; urgency=high . * Team upload. * Fix CVE-2022-26520: An attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. * Fix CVE-2022-21724: The JDBC driver did not verify if certain classes implemented the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Files: 6217c286a442eb00b3b008af6f4c4f0c 2746 java optional libpgjava_42.2.15-1+deb11u1.dsc 27ec7ca1fe1059eb9cc5014de76176f3 903018 java optional libpgjava_42.2.15.orig.tar.gz c1e9e7b121be7214ebb80176c0c27952 15536 java optional libpgjava_42.2.15-1+deb11u1.debian.tar.xz ddae6da2b4256e4d50461c4d0addeb63 14524 java optional libpgjava_42.2.15-1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLhxqJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkBtoQAMalk8QW+yyrE9nT7R2w+c8LZUMVQcvq60YO 0gCpDPeWOW1zrkbTr6+Tx/Ag5dOGjXlypmbzKX1k8GHARtbkx9n9kpN0nbbjW3iT Y8ag7BtR1MSF/0+9kfpWpxCQeNYZVkYazq8+7do2EfSqZO3t+VGnVchemxxfgO++ XNfOb/nK+1ozoV0hVm06GwHyqo/Hs7buVQ/QwFzyVBZS8nUOAyrAM/BjHAnJwQw4 zElJoZOikY1SP5nw98aqQxcRs7II2lxObfbo9DyS3QLNKVaNv+d6TTS6/pwQQG0T FTP/uKQTR9vFxUGIcsjQTLJYmpNwhi/n0SlNkc2bP4WUvaiEMwuXJd3bYvJ7Kg1U TaajCh1dshB35HkWYVlhiTuVRGNFtchKnfY6+QVP5h8BrAWXzLJ+zRZDh184407E LSfDVW7nlCpOSjQBUkyHpzrkZ3476i+/SaR0WYBfPNVqjdQxKOQh1XisECVOPrSe FEZBkI2Ee7FBxGuZUHXbXlwJ3uUuea3JsumCAA4dbo9y4RAj/DpD9OxXcDrzwd0X n47gIxlVZ84CuFiKP2PrOFTPK1nxX6HgQYTromoqZUdLnEFRDnnOkhTBSGhsSl5T h/FjFfg+LRGqiv/nMCm5k1FIrjLApXvD33hpHjrT3/6r5lY9o7dB14+5Q3VPNzu4 AKpuuPIX =efyW -----END PGP SIGNATURE-----