Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • pristine-tar
  • upstream
  • buster
  • bullseye
  • debian/2.2.220-1
  • upstream/2.2.220
  • debian/2.1.214-1
  • upstream/2.1.214
  • debian/2.1.212-1
  • upstream/2.1.212
  • debian/2.1.210+really1.4.197-1
  • upstream/2.1.210+really1.4.197
  • debian/1.4.197-4+deb10u1
  • debian/1.4.197-4+deb11u1
  • debian/2.1.210-1
  • upstream/2.1.210
  • debian/1.4.197-4
  • debian/1.4.197-3
  • debian/1.4.197-2
  • debian/1.4.197-1
  • upstream/1.4.197
  • debian/1.4.196-2
  • debian/1.4.196-1
  • upstream/1.4.196
25 results
Compare
Markus Koschany's avatar
Import Debian changes 1.4.197-4+deb11u1
Markus Koschany authored 
h2database (1.4.197-4+deb11u1) bullseye-security; urgency=high
.
  * Team upload.
  * Security researchers of JFrog Security and Ismail Aydemir discovered two
    remote code execution vulnerabilities in the H2 Java SQL database engine
    which can be exploited through various attack vectors, most notably through
    the H2 Console and by loading custom classes from remote servers through
    JNDI. The H2 console is a developer tool and not required by any
    reverse-dependency in Debian. It has been disabled in (old)stable
    releases. Database developers are advised to use at least version
    2.1.210-1, currently available in Debian unstable.
6bece2c3
History
Markus Koschany's avatar 6bece2c3
History