Overview

File _patchinfo of Package patchinfo.23479

<patchinfo incident="23479">
  <issue tracker="bnc" id="1196693">postgresql-jdbc does not support whitespace and other special chars in the password with scram-sha-256</issue>
  <issue tracker="bnc" id="1197356">VUL-0: CVE-2022-26520: postgresql-jdbc: Arbitrary File Write Vulnerability</issue>
  <issue tracker="jsc" id="SLE-23994"/>
  <issue tracker="cve" id="2022-26520"/>
  <packager>mcalmer</packager>
  <rating>moderate</rating>
  <category>feature</category>
  <summary>Feature update for ongres-scram, ongres-stringprep, postgresql-jdbc</summary>
  <description>This feature update for ongres-scram, ongres-stringprep, postgresql-jdbc provides:

    
ongres-scram:

- Upgrade from version 1.0.0-beta.2 to version 2.1. (jsc#SLE-23994)
  * Add standard `SASLPrep` (bsc#1196693, jsc#SLE-23994)
  * Failover to bouncy castle implementation of `PBKDF2WithHmacSHA256` to support Oracle JDK 7
  * Updated `saslprep` to version 1.1 to remove a build dependency coming from the `stringprep` module

ongres-stringprep:

- Introduce `ongres-stringprep` 1.1 as dependency of `ongres-scram`. (bsc#1196693, jsc#SLE-23994)

postgresql-jdbc: 

- CVE-2022-26520: Fixed arbitrary File Write Vulnerability (bsc#1197356)
- Upgrade postgresql-jdbc from version 42.2.16 to version 42.2.25 (jsc#SLE-23994)
  * Use `SASLprep` normalization for SCRAM authentication and fixes issues with spaces in passwords. (bsc#1196693)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places