Your message dated Sun, 11 Jun 2023 22:29:09 +0000
with message-id <e1q8tyb-00dte4...@fasolo.debian.org>
and subject line Bug#1036706: fixed in xerial-sqlite-jdbc 3.42.0.0+dfsg-1
has caused the Debian Bug report #1036706,
regarding xerial-sqlite-jdbc: CVE-2023-32697
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036706: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036706
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xerial-sqlite-jdbc
Version: 3.40.1.0+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for xerial-sqlite-jdbc.

CVE-2023-32697[0]:
| SQLite JDBC is a library for accessing and creating SQLite database
| files in Java. Sqlite-jdbc addresses a remote code execution
| vulnerability via JDBC URL. This issue impacting versions 3.6.14.1
| through 3.41.2.1 and has been fixed in version 3.41.2.2.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32697
    https://www.cve.org/CVERecord?id=CVE-2023-32697
[1] 
https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xerial-sqlite-jdbc
Source-Version: 3.42.0.0+dfsg-1
Done: Pierre Gruet <p...@debian.org>

We believe that the bug you reported is fixed in the latest version of
xerial-sqlite-jdbc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Gruet <p...@debian.org> (supplier of updated xerial-sqlite-jdbc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 Jun 2023 23:16:54 +0200
Source: xerial-sqlite-jdbc
Architecture: source
Version: 3.42.0.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Pierre Gruet <p...@debian.org>
Closes: 1036706
Changes:
 xerial-sqlite-jdbc (3.42.0.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 3.42.0.0+dfsg:
     - Fixes CVE-2023-32697 (Closes: #1036706)
   * Refreshing patches
   * Stopping shipping the removed README.md file
   * Building without graal-sdk, which is unpackaged
   * Updating d/maven.ignoreRules for plugins to skip
   * Set upstream metadata fields: Security-Contact.
   * Removing unused Lintian override
Checksums-Sha1:
 2828e75f70d7896328175b14e3a5a8399487ce8c 2475 
xerial-sqlite-jdbc_3.42.0.0+dfsg-1.dsc
 2068c02b46e4d76c12d20f032d240661a9d0b34b 172908 
xerial-sqlite-jdbc_3.42.0.0+dfsg.orig.tar.xz
 a533a5a71b91670063ae6c36514206ba4b7400e0 10380 
xerial-sqlite-jdbc_3.42.0.0+dfsg-1.debian.tar.xz
 950ea2e1a69d24eafa0fd4fc330527e091f877d1 14771 
xerial-sqlite-jdbc_3.42.0.0+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 6d01359ac5a1318a28cbb8da018c3437d4cd4bd3f733751e97170411a0e359de 2475 
xerial-sqlite-jdbc_3.42.0.0+dfsg-1.dsc
 8521c97faf3358c004bb99a36ec5d11e4b3b95cf33cbeaa6897bbb81ab545790 172908 
xerial-sqlite-jdbc_3.42.0.0+dfsg.orig.tar.xz
 e39cb3d2967472702efa31302beef9378bfffcff2c37f63de2ae689f1f4d2c81 10380 
xerial-sqlite-jdbc_3.42.0.0+dfsg-1.debian.tar.xz
 dabea8a699bb3bc181e7c33a8086f8daece8d99ad0d3c9f6074c22b3387b00dd 14771 
xerial-sqlite-jdbc_3.42.0.0+dfsg-1_amd64.buildinfo
Files:
 083f4f8e21e4ab66073dfed7e96cc5e7 2475 java optional 
xerial-sqlite-jdbc_3.42.0.0+dfsg-1.dsc
 67d7b4ae247698bce6b278bec4015cf8 172908 java optional 
xerial-sqlite-jdbc_3.42.0.0+dfsg.orig.tar.xz
 f5a1556820e02bf788490853a5ed04ee 10380 java optional 
xerial-sqlite-jdbc_3.42.0.0+dfsg-1.debian.tar.xz
 3e4a5eb24acaaf6bee4ec162f96ba808 14771 java optional 
xerial-sqlite-jdbc_3.42.0.0+dfsg-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmSGPdAACgkQYAMWptwn
dHYIFRAAtaC325q3WQtnMutw0G63qJvbZbGQu+z0WkZUOphsqUrj4IZ7CcLni2mI
TFxq2qsvscF352ynUHe107aqf1pxr/kEY8EX9Hl0COCXq4uLx+AhK0Mct1W6D3TR
BbyZgXNXiuCNCuw4R3Do5BGWu4LxjSuJFa2p/8+jhyJ3zEXDcOKNaILCSkNZUelU
KForb6fxx0SCFPfG48GEAuHSNhGUc/XqCRIA+cnRkjFmvq+sHAQklJD9UUHdPodf
CzO92kr2uv202TnJJtjS4AfmYF8J9c3QBHsRUtS9grNp4d8xAvG+MvLMdl+a6+4c
4lDypfQ1yHLKeujONmxfQ+3CZ9Psgoo3rOclAgSW15hEic0DEaUnc8CmhGu9GHtL
gIdH9AgnHiof9hgh4lZRGxcOvEcHkjSBNrG89Q5gYY+BDvz2BoZLHwXkXcZ8y5RE
bZo7MxtSjXEuhMraUyqpB+YMaAvMtVNjEIkzeqt7lE2jV2s7pevtjXzn6ZMOu5Bx
IEAG6tFV5R6fU7fOFLtWUt/MEG52kObO4DVlDpmTZUwp8Lz996v7LSnVV1x1zs/x
zqrLTVCvz32doGYz/vLxB9rfa0z8UdntxgsCVmLsvCscMV2Uyucd5okskcniQVF4
zp9bVf1T1+gWxBTKHufTEw573DxU0wwdmrzOKaA4mksPlSMJaaA=
=MYeq
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to