-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3140-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb October 07, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : libpgjava Version : 42.2.5-2+deb10u2 CVE ID : CVE-2022-31197 Debian Bug : #1016662 It was discovered that there was a potential SQL injection vulnerability in libpgjava, a Java library for connecting to PostgreSQL databases. A malicious user could have crafted a schema that caused an application to execute commands as a privileged user due to the lack of escaping of column names in some operations. For Debian 10 buster, this problem has been fixed in version 42.2.5-2+deb10u2. We recommend that you upgrade your libpgjava packages. For the detailed security status of libpgjava please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libpgjava Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmNAZuQACgkQHpU+J9Qx Hlhy5hAAu4GAO9XZznUiT53ch3J0Dl69kJ1I83f0a6v8b7VSF6Aio1GIfxrD3xFJ zNlmPS/jpK0k5N7VIfjOct+cdWqmeSJgPvwcFT3Z/ofcM2X23FPUUvpPQiBasnHD rE4LY1ehsxMlw71iZxwkR3wqDiVSAaa8tuGwm+QIOC20z4eS9M/j4AGeRt1aRYFr ADVgLCzfcR3wMMEvgfqNf0S7aVpcT2dRLk0bkkqC36gc9CxwQpND//6BYAKdNF15 82FH95F0wnaE0FTsbd4FGwm3NwJ4lmx5wARi3pcChUaLS/sQ6P7ugNbsLdpGo6Bf 2ud5QO84173WimFwMqqwlZ5gfM+bH+ZYdgx2pBrjMG/8Ke4KEl2GuZY6KjsVUp+D DNHY/du8+aqHJVhJz0gufp2v3t40/ItedWqsClRcJprCcpzWu5lTOv9HzVUNw0x3 O8ivMWxFj/Sp/uGIFKePUQzB631NcZ/GZMtryFyUhGABukTlQh9BQuYS1dbPCB1n yf6fndIVIFasRf5en/R7dWJeE5sfU3/+Ue3AcFhcVoPdETEq2fQlxGBB6TZXiN6T GBntA5jaSHHWI8czslYhkhsmHbNExVeRpIY7imTC0Un22yfqoq2F4mYjYHIB5KjY 1sV8daGZRfMs4M9KODqQzqTjLncEDqZzJTf/iq10/5mn5N773wg= =LQ7F -----END PGP SIGNATURE-----
