Rene Engelhard pushed to branch bullseye at Debian Java Maintainers / hsqldb
Commits: a768daa1 by Rene Engelhard at 2023-06-15T23:10:31+02:00 fix CVE-2023-1183 - - - - - 0eeccaf4 by Rene Engelhard at 2023-06-17T12:51:54+02:00 update CVE-2023-1183.diff - - - - - 3 changed files: - debian/changelog - + debian/patches/CVE-2023-1183.diff - debian/patches/series Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,11 @@ +hsqldb (2.5.1-1+deb11u2) bullseye-security; urgency=medium + + * Team upload. + + * fix CVE-2023-1183 + + -- Rene Engelhard <r...@debian.org> Sat, 17 Jun 2023 12:51:34 +0200 + hsqldb (2.5.1-1+deb11u1) bullseye-security; urgency=high * Team upload. ===================================== debian/patches/CVE-2023-1183.diff ===================================== @@ -0,0 +1,26 @@ +diff --git a/hsqldb/src/org/hsqldb/StatementCommand.java b/hsqldb/src/org/hsqldb/StatementCommand.java +index ab29d28..eaef1ab 100644 +--- a/hsqldb/src/org/hsqldb/StatementCommand.java ++++ b/hsqldb/src/org/hsqldb/StatementCommand.java +@@ -963,6 +963,10 @@ public class StatementCommand extends Statement { + try { + session.checkAdmin(); + ++ if (session.isProcessingScript() || session.isProcessingLog()) { ++ return Result.updateZeroResult; ++ } ++ + if (name == null) { + return session.database.getScript(false); + } else { +@@ -1028,6 +1032,10 @@ public class StatementCommand extends Statement { + int mode = ((Integer) arguments[1]).intValue(); + Boolean isVersioning = (Boolean) arguments[2]; + ++ if (session.isProcessingScript() || session.isProcessingLog()) { ++ return Result.updateZeroResult; ++ } ++ + return ScriptLoader.loadScriptData( + session, pathName, mode, isVersioning.booleanValue()); + } catch (HsqlException e) { ===================================== debian/patches/series ===================================== @@ -1 +1,2 @@ CVE-2022-41853.patch +CVE-2023-1183.diff View it on GitLab: https://salsa.debian.org/java-team/hsqldb/-/compare/e28073a39e82e541501b2450b82143acd3c57715...0eeccaf4c3b29a425bc27dad534ec7a672bec3da -- View it on GitLab: https://salsa.debian.org/java-team/hsqldb/-/compare/e28073a39e82e541501b2450b82143acd3c57715...0eeccaf4c3b29a425bc27dad534ec7a672bec3da You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ pkg-java-commits mailing list pkg-java-comm...@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-commits