[Git][java-team/hsqldb][bullseye] 2 commits: fix CVE-2023-1183

Mon, 19 Jun 2023 09:20:45 -0700 


Rene Engelhard pushed to branch bullseye at Debian Java Maintainers / hsqldb


Commits:
a768daa1 by Rene Engelhard at 2023-06-15T23:10:31+02:00
fix CVE-2023-1183

- - - - -
0eeccaf4 by Rene Engelhard at 2023-06-17T12:51:54+02:00
update CVE-2023-1183.diff

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/CVE-2023-1183.diff
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+hsqldb (2.5.1-1+deb11u2) bullseye-security; urgency=medium
+
+  * Team upload.
+
+  * fix CVE-2023-1183 
+
+ -- Rene Engelhard <r...@debian.org>  Sat, 17 Jun 2023 12:51:34 +0200
+
 hsqldb (2.5.1-1+deb11u1) bullseye-security; urgency=high
 
   * Team upload.


=====================================
debian/patches/CVE-2023-1183.diff
=====================================
@@ -0,0 +1,26 @@
+diff --git a/hsqldb/src/org/hsqldb/StatementCommand.java 
b/hsqldb/src/org/hsqldb/StatementCommand.java
+index ab29d28..eaef1ab 100644
+--- a/hsqldb/src/org/hsqldb/StatementCommand.java
++++ b/hsqldb/src/org/hsqldb/StatementCommand.java
+@@ -963,6 +963,10 @@ public class StatementCommand extends Statement {
+                 try {
+                     session.checkAdmin();
+ 
++                    if (session.isProcessingScript() || 
session.isProcessingLog()) {
++                        return Result.updateZeroResult;
++                    }
++
+                     if (name == null) {
+                         return session.database.getScript(false);
+                     } else {
+@@ -1028,6 +1032,10 @@ public class StatementCommand extends Statement {
+                     int     mode         = ((Integer) 
arguments[1]).intValue();
+                     Boolean isVersioning = (Boolean) arguments[2];
+ 
++                    if (session.isProcessingScript() || 
session.isProcessingLog()) {
++                        return Result.updateZeroResult;
++                    }
++
+                     return ScriptLoader.loadScriptData(
+                         session, pathName, mode, isVersioning.booleanValue());
+                 } catch (HsqlException e) {


=====================================
debian/patches/series
=====================================
@@ -1 +1,2 @@
 CVE-2022-41853.patch
+CVE-2023-1183.diff



View it on GitLab: 
https://salsa.debian.org/java-team/hsqldb/-/compare/e28073a39e82e541501b2450b82143acd3c57715...0eeccaf4c3b29a425bc27dad534ec7a672bec3da

-- 
View it on GitLab: 
https://salsa.debian.org/java-team/hsqldb/-/compare/e28073a39e82e541501b2450b82143acd3c57715...0eeccaf4c3b29a425bc27dad534ec7a672bec3da
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
pkg-java-commits mailing list
pkg-java-comm...@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-commits

Reply via email to