| From: | apt(dot)postgresql(dot)org Repository Update <noreply(at)postgresql(dot)org> |
|---|---|
| To: | PostgreSQL on Debian and Ubuntu <pgsql-pkg-debian(at)lists(dot)postgresql(dot)org> |
| Subject: | libpgjava updated to version 42.4.1-1.pgdg+1 |
| Date: | 2022-08-08 13:32:22 |
| Message-ID: | E1oL2rm-0002aT-1P@atalia.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-pkg-debian |
The package libpgjava was updated on apt.postgresql.org.
apt-listchanges: Changelogs
---------------------------
libpgjava (42.4.1-1.pgdg+1) sid-pgdg; urgency=medium
* Rebuild for sid-pgdg.
* No source changes.
-- PostgreSQL on Debian and Ubuntu <pgsql-pkg-debian(at)lists(dot)postgresql(dot)org> Mon, 08 Aug 2022 14:53:28 +0200
libpgjava (42.4.1-1) unstable; urgency=medium
* New upstream version 42.4.1
Fixes SQL generated in PgResultSet.refresh() to escape column identifiers
so as to prevent SQL injection.
(Closes: #1016662, CVE-2022-31197, reported by Sho Kato)
Previously, the column names for both key and data columns in the table
were copied as-is into the generated SQL. This allowed a malicious table
with column names that include statement terminator to be parsed and
executed as multiple separate commands.
-- Christoph Berg <myon(at)debian(dot)org> Mon, 08 Aug 2022 14:53:28 +0200
New version 42.4.1-1.pgdg+1:
libpgjava | 42.4.1-1.pgdg+1 | sid-pgdg | source
libpgjava | 42.4.1-1.pgdg120+1 | bookworm-pgdg | source
libpgjava | 42.4.1-1.pgdg110+1 | bullseye-pgdg | source
libpgjava | 42.4.1-1.pgdg100+1 | buster-pgdg | source
libpgjava | 42.2.15-1.pgdg90+1 | stretch-pgdg | source
libpgjava | 42.4.1-1.pgdg22.04+1 | jammy-pgdg | source
libpgjava | 42.4.0-1.pgdg21.10+1 | impish-pgdg | source
libpgjava | 42.4.1-1.pgdg20.04+1 | focal-pgdg | source
libpgjava | 42.4.1-1.pgdg18.04+1 | bionic-pgdg | source
libpostgresql-jdbc-java | 42.4.1-1.pgdg+1 | sid-pgdg | amd64, arm64, i386, ppc64el
libpostgresql-jdbc-java | 42.4.1-1.pgdg120+1 | bookworm-pgdg | amd64, arm64, ppc64el
libpostgresql-jdbc-java | 42.4.1-1.pgdg110+1 | bullseye-pgdg | amd64, arm64, ppc64el
libpostgresql-jdbc-java | 42.4.1-1.pgdg100+1 | buster-pgdg | amd64, arm64, i386, ppc64el
libpostgresql-jdbc-java | 42.2.15-1.pgdg90+1 | stretch-pgdg | amd64, i386, ppc64el
libpostgresql-jdbc-java | 42.4.1-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
libpostgresql-jdbc-java | 42.4.0-1.pgdg21.10+1 | impish-pgdg | amd64
libpostgresql-jdbc-java | 42.4.1-1.pgdg20.04+1 | focal-pgdg | amd64, arm64, ppc64el
libpostgresql-jdbc-java | 42.4.1-1.pgdg18.04+1 | bionic-pgdg | amd64, arm64, i386, ppc64el
libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg+1 | sid-pgdg | amd64, arm64, i386, ppc64el
libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg120+1 | bookworm-pgdg | amd64, arm64, ppc64el
libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg110+1 | bullseye-pgdg | amd64, arm64, ppc64el
libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg100+1 | buster-pgdg | amd64, arm64, i386, ppc64el
libpostgresql-jdbc-java-doc | 42.2.15-1.pgdg90+1 | stretch-pgdg | amd64, i386, ppc64el
libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
libpostgresql-jdbc-java-doc | 42.4.0-1.pgdg21.10+1 | impish-pgdg | amd64
libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg20.04+1 | focal-pgdg | amd64, arm64, ppc64el
libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg18.04+1 | bionic-pgdg | amd64, arm64, i386, ppc64el
The public mirrors serving apt.postgresql.org are synced hourly,
the updated packages will be available there shortly.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | apt.postgresql.org Repository Update | 2022-08-08 13:32:56 | pgsql-ogr-fdw updated to version 1.1.2-1.pgdg+1 |
| Previous Message | Laurent Arnoud | 2022-08-08 08:06:55 | Re: Bullseye 10 and 11 servers packages |