Format: 1.8
Date: Thu, 14 Sep 2023 19:21:03 +0200
Source: apache-jena
Binary: libapache-jena-java
Built-For-Profiles: noudeb
Architecture: all
Version: 4.9.0-1
Distribution: noble-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Markus Koschany
Description:
 libapache-jena-java - Java framework for building Semantic Web applications
Closes: 1035952 1041108
Changes:
 apache-jena (4.9.0-1) unstable; urgency=medium
 .
   * New upstream version 4.9.0.
     - Fix CVE-2023-22665: (Closes: #1041108)
       There is insufficient checking of user queries in Apache Jena versions
       4.7.0 and earlier, when invoking custom scripts. It allows a remote user
       to execute arbitrary javascript via a SPARQL query.
     - Fix CVE-2023-32200: (Closes: #1035952)
       There is insufficient restrictions of called script functions in Apache
       Jena versions 4.8.0 and earlier. It allows a remote user to execute
       javascript via a SPARQL query. This issue affects Apache Jena: from
       3.7.0 through 4.8.0.
   * B-D on libcaffeine-java and libcommons-collections4-java.
   * Ignore org.roaringbitmap:RoaringBitmap artifact. Needs packaging.
   * Rebase and update the patches for the new release.
Checksums-Sha1:
 62998273c85896e74f75183ba1d5cc18b8f9c311 14676 apache-jena_4.9.0-1_amd64.buildinfo
 b75a24417565f067d9081c15a2163ed797e8908f 7605972 libapache-jena-java_4.9.0-1_all.deb
Checksums-Sha256:
 09cf97b4e7524c453b92444418d982e90be7050a7ef152b31d930f6d53483230 14676 apache-jena_4.9.0-1_amd64.buildinfo
 1a911064afa687e2e48cd4ccb5e1ceb52bbaa3ed1310ac7f7eae901be15585fe 7605972 libapache-jena-java_4.9.0-1_all.deb
Files:
 d15663bffdce0b947427cbf1eb53bd6b 14676 java optional apache-jena_4.9.0-1_amd64.buildinfo
 e1c617753089e81466d2e3db0831302e 7605972 java optional libapache-jena-java_4.9.0-1_all.deb