Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oL2rt-0001z7-7W for pgsql-pkg-debian@arkaria.postgresql.org; Mon, 08 Aug 2022 13:32:29 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1oL2rq-000653-Q1 for pgsql-pkg-debian@arkaria.postgresql.org; Mon, 08 Aug 2022 13:32:26 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oL2rq-00064t-JB for pgsql-pkg-debian@lists.postgresql.org; Mon, 08 Aug 2022 13:32:26 +0000 Received: from mahout.postgresql.org ([2001:4800:3e1:1::227]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oL2rn-0000jf-EB for pgsql-pkg-debian@lists.postgresql.org; Mon, 08 Aug 2022 13:32:25 +0000 Received: from atalia.postgresql.org ([2001:4800:3e1:1::231]) by mahout.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oL2rm-00045Y-G6 for pgsql-pkg-debian@lists.postgresql.org; Mon, 08 Aug 2022 13:32:23 +0000 Received: from myon by atalia.postgresql.org with local (Exim 4.92) (envelope-from ) id 1oL2rm-0002aT-1P for pgsql-pkg-debian@lists.postgresql.org; Mon, 08 Aug 2022 13:32:22 +0000 From: apt.postgresql.org Repository Update To: PostgreSQL on Debian and Ubuntu Reply-To: PostgreSQL on Debian and Ubuntu Subject: libpgjava updated to version 42.4.1-1.pgdg+1 Message-Id: Date: Mon, 08 Aug 2022 13:32:22 +0000 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk The package libpgjava was updated on apt.postgresql.org. apt-listchanges: Changelogs --------------------------- libpgjava (42.4.1-1.pgdg+1) sid-pgdg; urgency=medium * Rebuild for sid-pgdg. * No source changes. -- PostgreSQL on Debian and Ubuntu Mon, 08 Aug 2022 14:53:28 +0200 libpgjava (42.4.1-1) unstable; urgency=medium * New upstream version 42.4.1 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection. (Closes: #1016662, CVE-2022-31197, reported by Sho Kato) Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include statement terminator to be parsed and executed as multiple separate commands. -- Christoph Berg Mon, 08 Aug 2022 14:53:28 +0200 New version 42.4.1-1.pgdg+1: libpgjava | 42.4.1-1.pgdg+1 | sid-pgdg | source libpgjava | 42.4.1-1.pgdg120+1 | bookworm-pgdg | source libpgjava | 42.4.1-1.pgdg110+1 | bullseye-pgdg | source libpgjava | 42.4.1-1.pgdg100+1 | buster-pgdg | source libpgjava | 42.2.15-1.pgdg90+1 | stretch-pgdg | source libpgjava | 42.4.1-1.pgdg22.04+1 | jammy-pgdg | source libpgjava | 42.4.0-1.pgdg21.10+1 | impish-pgdg | source libpgjava | 42.4.1-1.pgdg20.04+1 | focal-pgdg | source libpgjava | 42.4.1-1.pgdg18.04+1 | bionic-pgdg | source libpostgresql-jdbc-java | 42.4.1-1.pgdg+1 | sid-pgdg | amd64, arm64, i386, ppc64el libpostgresql-jdbc-java | 42.4.1-1.pgdg120+1 | bookworm-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.4.1-1.pgdg110+1 | bullseye-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.4.1-1.pgdg100+1 | buster-pgdg | amd64, arm64, i386, ppc64el libpostgresql-jdbc-java | 42.2.15-1.pgdg90+1 | stretch-pgdg | amd64, i386, ppc64el libpostgresql-jdbc-java | 42.4.1-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.4.0-1.pgdg21.10+1 | impish-pgdg | amd64 libpostgresql-jdbc-java | 42.4.1-1.pgdg20.04+1 | focal-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.4.1-1.pgdg18.04+1 | bionic-pgdg | amd64, arm64, i386, ppc64el libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg+1 | sid-pgdg | amd64, arm64, i386, ppc64el libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg120+1 | bookworm-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg110+1 | bullseye-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg100+1 | buster-pgdg | amd64, arm64, i386, ppc64el libpostgresql-jdbc-java-doc | 42.2.15-1.pgdg90+1 | stretch-pgdg | amd64, i386, ppc64el libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java-doc | 42.4.0-1.pgdg21.10+1 | impish-pgdg | amd64 libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg20.04+1 | focal-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java-doc | 42.4.1-1.pgdg18.04+1 | bionic-pgdg | amd64, arm64, i386, ppc64el The public mirrors serving apt.postgresql.org are synced hourly, the updated packages will be available there shortly.