Your message dated Sun, 11 Jun 2023 22:29:09 +0000 with message-id <e1q8tyb-00dte4...@fasolo.debian.org> and subject line Bug#1036706: fixed in xerial-sqlite-jdbc 3.42.0.0+dfsg-1 has caused the Debian Bug report #1036706, regarding xerial-sqlite-jdbc: CVE-2023-32697 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1036706: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036706 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: xerial-sqlite-jdbc Version: 3.40.1.0+dfsg-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for xerial-sqlite-jdbc. CVE-2023-32697[0]: | SQLite JDBC is a library for accessing and creating SQLite database | files in Java. Sqlite-jdbc addresses a remote code execution | vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 | through 3.41.2.1 and has been fixed in version 3.41.2.2. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-32697 https://www.cve.org/CVERecord?id=CVE-2023-32697 [1] https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: xerial-sqlite-jdbc Source-Version: 3.42.0.0+dfsg-1 Done: Pierre Gruet <p...@debian.org> We believe that the bug you reported is fixed in the latest version of xerial-sqlite-jdbc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1036...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Gruet <p...@debian.org> (supplier of updated xerial-sqlite-jdbc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 11 Jun 2023 23:16:54 +0200 Source: xerial-sqlite-jdbc Architecture: source Version: 3.42.0.0+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Pierre Gruet <p...@debian.org> Closes: 1036706 Changes: xerial-sqlite-jdbc (3.42.0.0+dfsg-1) unstable; urgency=medium . * New upstream version 3.42.0.0+dfsg: - Fixes CVE-2023-32697 (Closes: #1036706) * Refreshing patches * Stopping shipping the removed README.md file * Building without graal-sdk, which is unpackaged * Updating d/maven.ignoreRules for plugins to skip * Set upstream metadata fields: Security-Contact. * Removing unused Lintian override Checksums-Sha1: 2828e75f70d7896328175b14e3a5a8399487ce8c 2475 xerial-sqlite-jdbc_3.42.0.0+dfsg-1.dsc 2068c02b46e4d76c12d20f032d240661a9d0b34b 172908 xerial-sqlite-jdbc_3.42.0.0+dfsg.orig.tar.xz a533a5a71b91670063ae6c36514206ba4b7400e0 10380 xerial-sqlite-jdbc_3.42.0.0+dfsg-1.debian.tar.xz 950ea2e1a69d24eafa0fd4fc330527e091f877d1 14771 xerial-sqlite-jdbc_3.42.0.0+dfsg-1_amd64.buildinfo Checksums-Sha256: 6d01359ac5a1318a28cbb8da018c3437d4cd4bd3f733751e97170411a0e359de 2475 xerial-sqlite-jdbc_3.42.0.0+dfsg-1.dsc 8521c97faf3358c004bb99a36ec5d11e4b3b95cf33cbeaa6897bbb81ab545790 172908 xerial-sqlite-jdbc_3.42.0.0+dfsg.orig.tar.xz e39cb3d2967472702efa31302beef9378bfffcff2c37f63de2ae689f1f4d2c81 10380 xerial-sqlite-jdbc_3.42.0.0+dfsg-1.debian.tar.xz dabea8a699bb3bc181e7c33a8086f8daece8d99ad0d3c9f6074c22b3387b00dd 14771 xerial-sqlite-jdbc_3.42.0.0+dfsg-1_amd64.buildinfo Files: 083f4f8e21e4ab66073dfed7e96cc5e7 2475 java optional xerial-sqlite-jdbc_3.42.0.0+dfsg-1.dsc 67d7b4ae247698bce6b278bec4015cf8 172908 java optional xerial-sqlite-jdbc_3.42.0.0+dfsg.orig.tar.xz f5a1556820e02bf788490853a5ed04ee 10380 java optional xerial-sqlite-jdbc_3.42.0.0+dfsg-1.debian.tar.xz 3e4a5eb24acaaf6bee4ec162f96ba808 14771 java optional xerial-sqlite-jdbc_3.42.0.0+dfsg-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmSGPdAACgkQYAMWptwn dHYIFRAAtaC325q3WQtnMutw0G63qJvbZbGQu+z0WkZUOphsqUrj4IZ7CcLni2mI TFxq2qsvscF352ynUHe107aqf1pxr/kEY8EX9Hl0COCXq4uLx+AhK0Mct1W6D3TR BbyZgXNXiuCNCuw4R3Do5BGWu4LxjSuJFa2p/8+jhyJ3zEXDcOKNaILCSkNZUelU KForb6fxx0SCFPfG48GEAuHSNhGUc/XqCRIA+cnRkjFmvq+sHAQklJD9UUHdPodf CzO92kr2uv202TnJJtjS4AfmYF8J9c3QBHsRUtS9grNp4d8xAvG+MvLMdl+a6+4c 4lDypfQ1yHLKeujONmxfQ+3CZ9Psgoo3rOclAgSW15hEic0DEaUnc8CmhGu9GHtL gIdH9AgnHiof9hgh4lZRGxcOvEcHkjSBNrG89Q5gYY+BDvz2BoZLHwXkXcZ8y5RE bZo7MxtSjXEuhMraUyqpB+YMaAvMtVNjEIkzeqt7lE2jV2s7pevtjXzn6ZMOu5Bx IEAG6tFV5R6fU7fOFLtWUt/MEG52kObO4DVlDpmTZUwp8Lz996v7LSnVV1x1zs/x zqrLTVCvz32doGYz/vLxB9rfa0z8UdntxgsCVmLsvCscMV2Uyucd5okskcniQVF4 zp9bVf1T1+gWxBTKHufTEw573DxU0wwdmrzOKaA4mksPlSMJaaA= =MYeq -----END PGP SIGNATURE-----
--- End Message ---
