Bug 31068

Summary: hsqldb new security issues CVE-2022-41853 and CVE-2023-1183
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Java Stack Maintainers <java>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: geiger.david68210, nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: hsqldb-2.4.0-4.mga8.src.rpm CVE:
Status comment:

Description David Walser 2022-11-02 21:44:17 CET 
SUSE has issued an advisory on November 1:
https://lists.suse.com/pipermail/sle-security-updates/2022-November/012782.html

Mageia 8 is also affected.
David Walser 2022-11-02 21:44:29 CET

Whiteboard: (none) => MGA8TOO

Comment 2 David Walser 2022-11-21 22:35:22 CET 
RedHat has issued an advisory for this today (November 21):
https://access.redhat.com/errata/RHSA-2022:8560
Comment 3 David Walser 2022-12-12 16:34:00 CET 
Debian-LTS has issued an advisory for this on December 10:
https://www.debian.org/lts/security/2022/dla-3234
Comment 4 David Walser 2023-01-17 18:26:56 CET 
Debian has issued an advisory for this on January 11:
https://www.debian.org/security/2023/dsa-5313
Comment 5 David Walser 2023-06-22 20:47:10 CEST 
Debian has issued an advisory on June 21:
https://www.debian.org/security/2023/dsa-5437

Mageia 8 is also affected.

Summary: hsqldb new security issue CVE-2022-41853 => hsqldb new security issues CVE-2022-41853 and CVE-2023-1183

Comment 6 David GEIGER 2023-07-02 20:14:33 CEST 
hsqldb now removed from cauldron current java stack!

CC: (none) => geiger.david68210
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 7 Nicolas Salguero 2024-01-12 10:30:01 CET 
Mageia 8 EOL

Status: NEW => RESOLVED
Resolution: (none) => OLD
CC: (none) => nicolas.salguero