libpgjava 42.4.1-1 source package in Ubuntu
Changelog
libpgjava (42.4.1-1) unstable; urgency=medium

  * New upstream version 42.4.1
    Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection. (Closes: #1016662, CVE-2022-31197, reported by Sho Kato)
    Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include a statement terminator to be parsed and executed as multiple separate commands.

 -- Christoph Berg <email address hidden>  Mon, 08 Aug 2022 14:53:28 +0200
Upload details
- Uploaded by: Debian Java Maintainers
- Uploaded to: Sid
- Original maintainer: Debian Java Maintainers
- Architectures: all
- Section: libs
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
libpgjava_42.4.1-1.dsc | 2.5 KiB | 7e0a77fe37b1ae197a50fd5e1e45272d99192eb136e68b150fed81603f3b1159 |
libpgjava_42.4.1.orig.tar.gz | 946.8 KiB | edf1ead37f4d64f97e0d18a59b9a81f8d6cab7bdc523c9c4f20f742387d1d9af |
libpgjava_42.4.1-1.debian.tar.xz | 10.0 KiB | eeb5438eec8284a7af4a876f149cdf4a77df02702d327db3ed111890253c493b |
Available diffs
- diff from 42.4.0-1 to 42.4.1-1 (10.2 KiB)
No changes file available.
Binary packages built by this source
- libpostgresql-jdbc-java: No summary available for libpostgresql-jdbc-java in ubuntu kinetic.
  No description available for libpostgresql-jdbc-java in ubuntu kinetic.
- libpostgresql-jdbc-java-doc: No summary available for libpostgresql-jdbc-java-doc in ubuntu kinetic.
  No description available for libpostgresql-jdbc-java-doc in ubuntu kinetic.