CVE-2006-7216

NameCVE-2006-7216
DescriptionApache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
derby (PTS)buster10.14.2.0-1fixed
bookworm, bullseye10.14.2.0-2fixed
sid, trixie10.14.2.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
derbysource(unstable)(not affected)

Notes

- derby <not-affected> (Fixed before initial upload to Debian)
http://issues.apache.org/jira/browse/DERBY-1708
Search for package or bug name: Reporting problems