libpgjava (42.5.4-1) unstable; urgency=medium
* New upstream version 42.5.4.
-- Christoph Berg <myon@debian.org> Fri, 17 Feb 2023 18:19:35 +0100
libpgjava (42.5.3-1) unstable; urgency=medium
* New upstream version 42.5.3.
-- Christoph Berg <myon@debian.org> Thu, 09 Feb 2023 11:26:33 +0100
libpgjava (42.5.1-1) unstable; urgency=medium
* New upstream version 42.5.1, fixes CVE-2022-41946.
-- Christoph Berg <myon@debian.org> Thu, 24 Nov 2022 12:54:21 +0100
libpgjava (42.5.0-1) unstable; urgency=medium
* New upstream version 42.5.0.
-- Christoph Berg <myon@debian.org> Fri, 26 Aug 2022 12:06:57 +0200
libpgjava (42.4.2-1) unstable; urgency=medium
* New upstream version 42.4.2.
-- Christoph Berg <myon@debian.org> Mon, 22 Aug 2022 14:24:18 +0200
libpgjava (42.4.1-1) unstable; urgency=medium
* New upstream version 42.4.1
Fixes SQL generated in PgResultSet.refresh() to escape column identifiers
so as to prevent SQL injection.
(Closes: #1016662, CVE-2022-31197, reported by Sho Kato)
Previously, the column names for both key and data columns in the table
were copied as-is into the generated SQL. This allowed a malicious table
with column names that include statement terminator to be parsed and
executed as multiple separate commands.
-- Christoph Berg <myon@debian.org> Mon, 08 Aug 2022 14:53:28 +0200
libpgjava (42.4.0-1) unstable; urgency=medium
* New upstream version 42.4.0.
-- Christoph Berg <myon@debian.org> Tue, 14 Jun 2022 15:18:49 +0200
libpgjava (42.3.6-1) unstable; urgency=medium
* New upstream version 42.3.6.
-- Christoph Berg <myon@debian.org> Fri, 27 May 2022 14:56:40 +0200
libpgjava (42.3.5-1) unstable; urgency=medium
* New upstream version 42.3.5.
-- Christoph Berg <myon@debian.org> Fri, 06 May 2022 16:51:03 +0200
libpgjava (42.3.4-1) unstable; urgency=medium
* New upstream version 42.3.4.
-- Christoph Berg <myon@debian.org> Mon, 02 May 2022 15:56:41 +0200
libpgjava (42.3.3-1) unstable; urgency=medium
* New upstream version 42.3.3.
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
-- Christoph Berg <myon@debian.org> Thu, 17 Feb 2022 13:08:38 +0100
libpgjava (42.3.2-1) unstable; urgency=medium
* New upstream version 42.3.2.
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
-- Christoph Berg <myon@debian.org> Fri, 04 Feb 2022 10:58:43 +0100
libpgjava (42.3.1-1) unstable; urgency=medium
* New upstream version 42.3.1.
-- Christoph Berg <myon@debian.org> Wed, 03 Nov 2021 16:53:04 +0100
libpgjava (42.2.24-1) unstable; urgency=medium
* New upstream version 42.2.24.
-- Christoph Berg <myon@debian.org> Wed, 29 Sep 2021 11:53:54 +0200
libpgjava (42.2.23-1) unstable; urgency=medium
* New upstream version 42.2.23.
-- Christoph Berg <myon@debian.org> Tue, 27 Jul 2021 17:05:40 +0200
libpgjava (42.2.22-1) unstable; urgency=medium
* New upstream version 42.2.22.
-- Christoph Berg <myon@debian.org> Wed, 30 Jun 2021 13:35:21 +0200
libpgjava (42.2.20-1) unstable; urgency=medium
* New upstream version 42.2.20.
* Update watch file for updated -jdbc-src.tar.gz names.
* Bump B-D on libscram-java to 2.1.
-- Christoph Berg <myon@debian.org> Fri, 23 Apr 2021 18:09:11 +0200
libpgjava (42.2.15-1) unstable; urgency=medium
* New upstream version.
+ Fixes XML External Entitiy (XXE) injection (CVE-2020-13692).
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
* Switch to src tarballs from maven repo, the upstream git repo tarballs
need gradle to compile. (https://github.com/pgjdbc/pgjdbc/issues/1440)
* Force doc build to be in English.
* Remove missing test dependencies:
classloader-leak-test-framework: Not packaged
junit: Packaged, but mvn doesn't find it
jupiter: Missing on older distributions.
* Defang package-contains-ancient-file caused by 1970 README.md.
* Test both md5 and scram-sha-256 connections.
* DH 13.
-- Christoph Berg <myon@debian.org> Mon, 10 Aug 2020 13:49:48 +0200
libpgjava (42.2.12-2) unstable; urgency=medium
* Team upload.
* debian/patches/05-cve-2020-13692.patch: New patch, fixes XML External
Entitiy (XXE) injection (CVE-2020-13692, Closes: #962828).
https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
-- Michael Banck <michael.banck@credativ.de> Tue, 23 Jun 2020 16:07:07 +0200
libpgjava (42.2.12-1) unstable; urgency=medium
* New upstream version.
-- Christoph Berg <myon@debian.org> Thu, 30 Apr 2020 09:49:54 +0200
libpgjava (42.2.11-1) unstable; urgency=medium
* New upstream version.
-- Christoph Berg <myon@debian.org> Mon, 16 Mar 2020 10:00:13 +0100
libpgjava (42.2.10-1) unstable; urgency=medium
* New upstream version.
-- Christoph Berg <myon@debian.org> Wed, 19 Feb 2020 11:20:53 +0100
libpgjava (42.2.9-1) unstable; urgency=medium
* New upstream version.
-- Christoph Berg <myon@debian.org> Wed, 18 Dec 2019 11:47:04 +0100
libpgjava (42.2.8-1) unstable; urgency=medium
* New upstream version.
* Disable karaf feature, not yet available in Debian.
-- Christoph Berg <myon@debian.org> Mon, 16 Sep 2019 15:33:59 +0200
libpgjava (42.2.6-1) unstable; urgency=medium
* New upstream version.
* Add debian/gitlab-ci.yml.
-- Christoph Berg <myon@debian.org> Sat, 27 Jul 2019 23:37:13 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libpostgresql-jdbc-java`.
Generated by dwww version 1.15 on Thu May 23 02:23:14 CEST 2024.