Back to pgbouncer PTS page

Accepted pgbouncer 1.16.1-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 26 Nov 2021 11:19:53 +0100
Source: pgbouncer
Architecture: source
Version: 1.16.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 pgbouncer (1.16.1-1) unstable; urgency=medium
 .
   * New upstream version.
 .
     Make PgBouncer acting as a server reject extraneous data after an
     SSL or GSS encryption handshake.
 .
     A man-in-the-middle with the ability to inject data into the TCP
     connection could stuff some cleartext data into the start of a
     supposedly encryption-protected database session.  This could be
     abused to send faked SQL commands to the server, although that would
     only work if PgBouncer did not demand any authentication data.
     (However, a PgBouncer setup relying on SSL certificate
     authentication might well not do so.)
 .
     (Similar to CVE-2021-23214 in the PostgreSQL server.)
Checksums-Sha1:
 924abc86c55ff40359c092dcad4d76d34d4f93d5 2213 pgbouncer_1.16.1-1.dsc
 14c75af0b5a11b0363b6146170b516db498fc998 591450 pgbouncer_1.16.1.orig.tar.gz
 3f67f1faa7f1c9d304d452374057a572a43b0ee7 10268 pgbouncer_1.16.1-1.debian.tar.xz
Checksums-Sha256:
 c64d1f493b83eb2f12f9255d7ecdd2f1df89b12ee5db844b0f71abd2ee6bcdff 2213 pgbouncer_1.16.1-1.dsc
 087477e9e4766d032b04b7b006c0c8d64160a54141a7bfc2c6e5ae7ae11bf7fc 591450 pgbouncer_1.16.1.orig.tar.gz
 b4245e351a2611403d86cbae79b2e0622e2363413f4ff628084b93029d510c86 10268 pgbouncer_1.16.1-1.debian.tar.xz
Files:
 195bd42c151d77e8db0cdc91efb0b849 2213 database optional pgbouncer_1.16.1-1.dsc
 c9cc6318f97f1a55d026b6df3a42fa3d 591450 database optional pgbouncer_1.16.1.orig.tar.gz
 e1a6bd8e40d3d2634dc240e836b4f79b 10268 database optional pgbouncer_1.16.1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmGguNgACgkQTFprqxLS
p6430Q//QjYdt259DqAvmn4ACh5eadapgNRW2YZO+/t9zZz0cYMVUkSwriMWFPW8
MvWv8qne/tbgo2MXeMWMfC4z8aC2x3npkr2Wey4+7F6onFnX3rblnDwNqYVg3K6Q
b+guIC0w1NZwCHTwXyv9v9F5lxYELaIj8MF0OeDw7UiM9/uOn37JNpN1C30yikJn
ihrgqEH54O9MA1qw63joMYgGIhjO4Mj9fbPL+Ohw1ktg3iK5XxYD6tFOJKW8e6eL
3VnQ2AYEuF/mT8Gskg585iQB7OoQKhaYWZK0fxrwHxU+Qgojx2+Yhsp09TvBwzww
pwBmPZ7CRhiUi6k3EPxGlZo/X8J36Z5D+NySOQxGPnNUjqe9yjzB+S+gssVCl3RP
0sXPb+L49q6MzyG9S82L9v/5YPf33NRX8xK53HAMjXrn35BP6aeowSKzaCYnFXIf
QtZ19RejBUK9NjPynNcFNKpylpU4GrkAEnt2W3xzKxYK1/csPFXJYqfK2S8SRB6Q
BibyFtB9SYtzEfuwT1HW7EVOSTLXpqvVTN65MMNmaogm4s5FKX6yYC52CnxEuFED
jBTpQhvNikoEeDFgz63I5Jx0rFD+8G1qid3G59t48Pvw4BwFXXpF9h/06VzxfOWI
WTgHAAObSyf1j0mSgcyHv9KNuePZ7W0H/fnBtM1m4FWiFAIBtTs=
=hx+P
-----END PGP SIGNATURE-----