Format: 1.8
Date: Thu, 14 Sep 2023 19:21:03 +0200
Source: apache-jena
Binary: libapache-jena-java
Architecture: all
Version: 4.9.0-1
Distribution: sid
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libapache-jena-java - Java framework for building Semantic Web applications
Closes: 1035952 1041108
Changes:
 apache-jena (4.9.0-1) unstable; urgency=medium
 .
   * New upstream version 4.9.0.
     - Fix CVE-2023-22665: (Closes: #1041108)
       There is insufficient checking of user queries in Apache Jena versions
       4.7.0 and earlier, when invoking custom scripts. It allows a remote user
       to execute arbitrary javascript via a SPARQL query.
     - Fix CVE-2023-32200: (Closes: #1035952)
       There is insufficient restrictions of called script functions in Apache
       Jena versions 4.8.0 and earlier. It allows a remote user to execute
       javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0
       through 4.8.0.
   * B-D on libcaffeine-java and libcommons-collections4-java.
   * Ignore org.roaringbitmap:RoaringBitmap artifact. Needs packaging.
   * Rebase and update the patches for the new release.
Checksums-Sha1:
 4b931ddf36ca6a067c208043ce292b2b1918d37d 14809 apache-jena_4.9.0-1_arm64.buildinfo
 e45fc93e7c3984f661ba63f1d064462b26e49f01 7648740 libapache-jena-java_4.9.0-1_all.deb
Checksums-Sha256:
 37b953b3e4f76fc6576908ce001905a959ac152f8d113fab9feb2798739736f7 14809 apache-jena_4.9.0-1_arm64.buildinfo
 2e2bf5a00214f5d02b3afedd075c93d4b33bb8e94e4f610ee75b1d6894e15cab 7648740 libapache-jena-java_4.9.0-1_all.deb
Files:
 7403c7fb111e63bd020398c0af17c2e8 14809 java optional apache-jena_4.9.0-1_arm64.buildinfo
 c112fab0f599a0346bc7e514ef5d39c4 7648740 java optional libapache-jena-java_4.9.0-1_all.deb