| From: | apt(dot)postgresql(dot)org Repository Update <noreply(at)postgresql(dot)org> |
|---|---|
| To: | PostgreSQL on Debian and Ubuntu <pgsql-pkg-debian(at)lists(dot)postgresql(dot)org> |
| Subject: | pgbouncer updated to version 1.16.1-1.pgdg+1 |
| Date: | 2021-12-06 07:24:24 |
| Message-ID: | E1mu8MK-0007EK-Kg@atalia.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-pkg-debian |
The package pgbouncer was updated on apt.postgresql.org.
apt-listchanges: Changelogs
---------------------------
pgbouncer (1.16.1-1.pgdg+1) sid-pgdg; urgency=medium
* Rebuild for sid-pgdg.
* No source changes.
-- PostgreSQL on Debian and Ubuntu <pgsql-pkg-debian(at)lists(dot)postgresql(dot)org> Fri, 26 Nov 2021 11:19:53 +0100
pgbouncer (1.16.1-1) unstable; urgency=medium
* New upstream version.
Make PgBouncer acting as a server reject extraneous data after an
SSL or GSS encryption handshake.
A man-in-the-middle with the ability to inject data into the TCP
connection could stuff some cleartext data into the start of a
supposedly encryption-protected database session. This could be
abused to send faked SQL commands to the server, although that would
only work if PgBouncer did not demand any authentication data.
(However, a PgBouncer setup relying on SSL certificate
authentication might well not do so.)
(Similar to CVE-2021-23214 in the PostgreSQL server.)
-- Christoph Berg <myon(at)debian(dot)org> Fri, 26 Nov 2021 11:19:53 +0100
New version 1.16.1-1.pgdg+1:
pgbouncer | 1.16.1-1.pgdg+1 | sid-pgdg | amd64, arm64, i386, ppc64el, source
pgbouncer | 1.16.1-1.pgdg120+1 | bookworm-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.16.1-1.pgdg110+1 | bullseye-pgdg | amd64, ppc64el, source
pgbouncer | 1.16.0-1.pgdg110+1 | bullseye-pgdg | arm64
pgbouncer | 1.16.1-1.pgdg100+1 | buster-pgdg | amd64, arm64, i386, ppc64el, source
pgbouncer | 1.16.1-1.pgdg90+1 | stretch-pgdg | amd64, i386, ppc64el, source
pgbouncer | 1.16.1-1.pgdg21.10+1 | impish-pgdg | amd64, source
pgbouncer | 1.16.1-1.pgdg21.04+1 | hirsute-pgdg | amd64, source
pgbouncer | 1.16.0-1.pgdg20.10+1 | groovy-pgdg | amd64, source
pgbouncer | 1.16.1-1.pgdg20.04+1 | focal-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.16.1-1.pgdg18.04+1 | bionic-pgdg | amd64, arm64, i386, ppc64el, source
pgbouncer | 1.15.0-1.pgdg16.04+1 | xenial-pgdg | amd64, i386, ppc64el, source
pgbouncer-dbg | 1.15.0-1.pgdg16.04+1 | xenial-pgdg | amd64, i386, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg+1 | sid-pgdg | amd64, arm64, i386, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg120+1 | bookworm-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg110+1 | bullseye-pgdg | amd64, ppc64el
pgbouncer-dbgsym | 1.16.0-1.pgdg110+1 | bullseye-pgdg | arm64
pgbouncer-dbgsym | 1.16.1-1.pgdg100+1 | buster-pgdg | amd64, arm64, i386, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg90+1 | stretch-pgdg | amd64, i386, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg21.10+1 | impish-pgdg | amd64
pgbouncer-dbgsym | 1.16.1-1.pgdg21.04+1 | hirsute-pgdg | amd64
pgbouncer-dbgsym | 1.16.0-1.pgdg20.10+1 | groovy-pgdg | amd64
pgbouncer-dbgsym | 1.16.1-1.pgdg20.04+1 | focal-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg18.04+1 | bionic-pgdg | amd64, arm64, i386, ppc64el
The public mirrors serving apt.postgresql.org are synced hourly,
the updated packages will be available there shortly.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | apt.postgresql.org Repository Update | 2021-12-06 07:24:54 | pglogical updated to version 2.4.0-2.pgdg+1 |
| Previous Message | apt.postgresql.org Repository Update | 2021-12-06 07:23:45 | pgbackrest updated to version 2.36-1.pgdg+1 |