From: jmm@debian.org   
      
   -----BEGIN PGP SIGNED MESSAGE-----   
   Hash: SHA512   
      
   - -------------------------------------------------------------------------   
   Debian Security Advisory DSA-5995-1                   security@debian.org   
   https://www.debian.org/security/                       Moritz Muehlenhoff   
   September 10, 2025                    https://www.debian.org/security/faq   
   - -------------------------------------------------------------------------   
      
   Package        : hsqldb1.8.0   
   CVE ID         : CVE-2023-1183   
      
   Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL   
   database engine, allowed the execution of spurious scripting commands in   
   .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally   
   used to record the commands input by the database admin to output such a   
   script. In combination with LibreOffice, an attacker could craft an odb   
   containing a "database/script" file which itself contained a SCRIPT command   
   where the contents of the file could be written to a new file whose location   
   was determined by the attacker.   
      
   For the stable distribution (trixie), this problem has been fixed in   
   version 1.8.0.10+dfsg-12.1+deb13u1.   
      
   We recommend that you upgrade your hsqldb1.8.0 packages.   
      
   For the detailed security status of hsqldb1.8.0 please refer to   
   its security tracker page at:   
   https://security-tracker.debian.org/tracker/hsqldb1.8.0   
      
   Further information about Debian Security Advisories, how to apply   
   these updates to your system and frequently asked questions can be   
   found at: https://www.debian.org/security/   
      
   Mailing list: debian-security-announce@lists.debian.org   
   -----BEGIN PGP SIGNATURE-----   
      
   iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjBuhoACgkQEMKTtsN8   
   TjYoAhAApF3ykXNhJEi5rYU1sCri/t3l0ZqAznqJjjl0fNkItH/BQtm55uFguhhd   
   8Fa8PK6gXA8qA63nIAlAa7AwxEcnwv+EIWnQ8oClIUaIhHe2pM4jUm5wrQJqLsr0   
   DrPmzGbQshyscGn+wpZL/gY38OllBPPTiBL/imB9YZa2lfO2PmHh9P4W+5sUeKDp   
   yUMaws1Q+3KXUzznwyPG/eHnVtGnUNgF9BVsYyZDHxscyLzMtYk6JY/S22lWh5K+   
   yfz0oQytjSi0LQ50dXtn01d0EwImXXc1PWurG88H8kEO9yQ+emjscZXeJ6RTnP8x   
   ELz+y/a125Q4xexmd4dBINRTYf7GIX0ozpleGuG3mKQ3pkJ+PNyHPCiNdpSVXDT1   
   MSLUhr51qrzCRFXCasN2PuHZvVgC4BBCh5r3M73Z4aRqSBJLVZF359sNiPVGcI2x   
   bsDceoD2gCxDjiF+2S3M4ynFUYRvfN6pAGx2MlNPfvNz8g46FfwsyW31c9FIN7yS   
   TqQK1ejQ12UgrScJgWogvbDQWizyO1Tcl/ih6tG/5gdMdZagWY8NU3D5Ub57oyxI   
   byMHF+m978WEMcj97oqPAoc6R+B+gG+UX6sLf24kppDOALjVuzZZ1wis+mCggx4C   
   C+00jiMxmgVLjJhetKd7WvbLgREJEq0sac3+4OXB5WY40JTX9JI=   
   =k7OD   
   -----END PGP SIGNATURE-----   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)