apache-jena (4.9.0-1)
COMMITS: VCS has seen 1 commit since the debian/4.9.0-1 tag
- Git: https://salsa.debian.org/java-team/apache-jena.git
- Branch: master
- Path: debian/changelog
- Repo size: 778240
- Browser: https://salsa.debian.org/java-team/apache-jena
- Last scan: 2024-10-04 18:01:04+00
- Next scan: 2024-10-11 11:53:00+00
- Debian changelog in Git:
apache-jena (4.9.0-1) unstable; urgency=medium

  * New upstream version 4.9.0.
    - Fix CVE-2023-22665: (Closes: #1041108)
      There is insufficient checking of user queries in Apache Jena versions
      4.7.0 and earlier, when invoking custom scripts. It allows a remote user
      to execute arbitrary javascript via a SPARQL query.
    - Fix CVE-2023-32200: (Closes: #1035952)
      There is insufficient restrictions of called script functions in Apache
      Jena versions 4.8.0 and earlier. It allows a remote user to execute
      javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0
      through 4.8.0.
  * B-D on libcaffeine-java and libcommons-collections4-java.
  * Ignore org.roaringbitmap:RoaringBitmap artifact. Needs packaging.
  * Rebase and update the patches for the new release.

 -- Markus Koschany <apo@debian.org>  Thu, 14 Sep 2023 19:21:03 +0200
- This branch is 1 commit ahead of tag debian/4.9.0-1
- Git log:
commit b6696db03e6868781659834ba6948dbd0acbb65b
Author: Markus Koschany <apo@debian.org>
Date: Thu Sep 14 19:43:02 2023 +0200

    d/copyright: remove Files-Excluded paragraph.

    The js files have been removed upstream.