Version in base suite: 2.5.1-1+deb11u1
Base version: hsqldb_2.5.1-1+deb11u1
Target version: hsqldb_2.5.1-1+deb11u2
Base file: /srv/ftp-master.debian.org/ftp/pool/main/h/hsqldb/hsqldb_2.5.1-1+deb11u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/h/hsqldb/hsqldb_2.5.1-1+deb11u2.dsc
changelog | 8 ++++++++
patches/CVE-2023-1183.diff | 26 ++++++++++++++++++++++++++
patches/series | 1 +
3 files changed, 35 insertions(+)
diff -Nru hsqldb-2.5.1/debian/changelog hsqldb-2.5.1/debian/changelog
--- hsqldb-2.5.1/debian/changelog 2023-01-10 21:07:42.000000000 +0000
+++ hsqldb-2.5.1/debian/changelog 2023-06-17 10:51:34.000000000 +0000
@@ -1,3 +1,11 @@
+hsqldb (2.5.1-1+deb11u2) bullseye-security; urgency=medium
+
+ * Team upload.
+
+ * fix CVE-2023-1183
+
+ -- Rene Engelhard Sat, 17 Jun 2023 12:51:34 +0200
+
 hsqldb (2.5.1-1+deb11u1) bullseye-security; urgency=high
 
 * Team upload.
diff -Nru hsqldb-2.5.1/debian/patches/CVE-2023-1183.diff hsqldb-2.5.1/debian/patches/CVE-2023-1183.diff
--- hsqldb-2.5.1/debian/patches/CVE-2023-1183.diff 1970-01-01 00:00:00.000000000 +0000
+++ hsqldb-2.5.1/debian/patches/CVE-2023-1183.diff 2023-06-17 10:51:34.000000000 +0000
@@ -0,0 +1,26 @@
+diff --git a/hsqldb/src/org/hsqldb/StatementCommand.java b/hsqldb/src/org/hsqldb/StatementCommand.java
+index ab29d28..eaef1ab 100644
+--- a/hsqldb/src/org/hsqldb/StatementCommand.java
++++ b/hsqldb/src/org/hsqldb/StatementCommand.java
+@@ -963,6 +963,10 @@ public class StatementCommand extends Statement {
+ try {
+ session.checkAdmin();
+ 
++ if (session.isProcessingScript() || session.isProcessingLog()) {
++ return Result.updateZeroResult;
++ }
++
+ if (name == null) {
+ return session.database.getScript(false);
+ } else {
+@@ -1028,6 +1032,10 @@ public class StatementCommand extends Statement {
+ int mode = ((Integer) arguments[1]).intValue();
+ Boolean isVersioning = (Boolean) arguments[2];
+ 
++ if (session.isProcessingScript() || session.isProcessingLog()) {
++ return Result.updateZeroResult;
++ }
++
+ return ScriptLoader.loadScriptData(
+ session, pathName, mode, isVersioning.booleanValue());
+ } catch (HsqlException e) {
diff -Nru hsqldb-2.5.1/debian/patches/series hsqldb-2.5.1/debian/patches/series
--- hsqldb-2.5.1/debian/patches/series 2023-01-10 21:07:42.000000000 +0000
+++ hsqldb-2.5.1/debian/patches/series 2023-06-17 10:51:34.000000000 +0000
@@ -1 +1,2 @@
 CVE-2022-41853.patch
+CVE-2023-1183.diff
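Review bot: Both added guards in `StatementCommand.java` (the one after `session.checkAdmin()` in the hunk at -963 and the one before `ScriptLoader.loadScriptData(` in the hunk at -1028) return `Result.updateZeroResult` silently, so a script or log file that carries one of these statements is skipped without leaving any trace for an operator or incident responder. I would record the skip in the database's log before returning, and put a comment above each guard such as `// CVE-2023-1183: refuse this statement while a script or log file is being replayed`. The new patch file also starts directly at `diff --git` with no DEP-3 header, so the upstream origin of the fix cannot be checked from the package itself; a `Description:` and `Origin:` header would close that gap. Both enclosing blocks begin and end outside the hunks, so whether an admin check precedes the second guard cannot be confirmed from here.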