Debian Patches
Status for libpgjava/42.2.15-1+deb11u2
Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
0002-Merge-pull-request-from-GHSA-562r-vg33-8x8h.patch | Merge pull request from GHSA-562r-vg33-8x8h * Fix: createTempFile vulnerability on unix like systems where temporary files can be read by other users on the system * Update site with change logs and new version information | Dave Cramer <davecramer@gmail.com> | no | | | 2022-11-23 |
0003-Merge-pull-request-from-GHSA-24rp-q3w6-vc56.patch | Merge pull request from GHSA-24rp-q3w6-vc56 * SQL Injection via line comment generation for 42_2_x * fix: Add parentheses around NULL parameter values in simple query mode | Dave Cramer <davecramer@gmail.com> | no | | | 2024-02-19 |
0004-Merge-pull-request-from-GHSA-24rp-q3w6-vc56.patch | Merge pull request from GHSA-24rp-q3w6-vc56 * SQL Injection via line comment generation for 42_2_x * fix: Add parentheses around NULL parameter values in simple query mode * simplify code, handle binary and add tests * remove extra spaces | Dave Cramer <davecramer@gmail.com> | no | | | 2024-02-20 |
02-scram-optional.patch | Setting the scope in debian/maven.rules does not propagate the setting to /usr/share/maven-repo/org/postgresql/postgresql/debian/postgresql-debian.pom, so patch it manually here | | no | | upstream | |
missing-test-deps | Remove missing test dependencies | | no | | | |
CVE-2022-21724.patch | CVE-2022-21724 | Markus Koschany <apo@debian.org> | no | | https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 | 2022-07-03 |
CVE-2022-26520.patch | CVE-2022-26520 | Markus Koschany <apo@debian.org> | no | | https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 | 2022-07-03 |
0001-Merge-pull-request-from-GHSA-r38f-c4h4-hqq2.patch | Merge pull request from GHSA-r38f-c4h4-hqq2 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection. Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include statement terminator to be parsed and executed as multiple separate commands. Also adds a new test class ResultSetRefreshTest to verify this change. | Sehrope Sarkuni <sehrope@jackdb.com> | no | | | 2022-08-01 |

All known versions for source package 'libpgjava'
- 42.7.5-1 (sid, trixie)
- 42.5.5-0+deb12u1 (bookworm)
- 42.2.15-1+deb11u2 (bullseye-security)
- 42.2.15-1+deb11u1 (bullseye)