Your message dated Sat, 24 Jun 2023 15:32:09 +0000
with message-id <e1qd5fb-0068qy...@fasolo.debian.org>
and subject line Bug#1036706: fixed in xerial-sqlite-jdbc 3.40.1.0+dfsg-1+deb12u1
has caused the Debian Bug report #1036706,
regarding xerial-sqlite-jdbc: CVE-2023-32697
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1036706: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036706
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xerial-sqlite-jdbc
Version: 3.40.1.0+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for xerial-sqlite-jdbc.
CVE-2023-32697[0]:
| SQLite JDBC is a library for accessing and creating SQLite database
| files in Java. Sqlite-jdbc addresses a remote code execution
| vulnerability via JDBC URL. This issue impacts versions 3.6.14.1
| through 3.41.2.1 and has been fixed in version 3.41.2.2.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-32697
    https://www.cve.org/CVERecord?id=CVE-2023-32697
[1] https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: xerial-sqlite-jdbc
Source-Version: 3.40.1.0+dfsg-1+deb12u1
Done: Pierre Gruet <p...@debian.org>
We believe that the bug you reported is fixed in the latest version of
xerial-sqlite-jdbc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1036...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre Gruet <p...@debian.org> (supplier of updated xerial-sqlite-jdbc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 13 Jun 2023 23:19:59 +0200
Source: xerial-sqlite-jdbc
Architecture: source
Version: 3.40.1.0+dfsg-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Pierre Gruet <p...@debian.org>
Closes: 1036706
Changes:
 xerial-sqlite-jdbc (3.40.1.0+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Using a random UUID for the connection (Fixes CVE-2023-32697 in Bookworm,
     Closes: #1036706)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---