Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libpgjava 42.7.7-1 (source) into unstable
Date: Fri, 13 Jun 2025 13:49:22 +0000
Signed by: Christoph Berg <myon@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 Jun 2025 15:26:53 +0200
Source: libpgjava
Architecture: source
Version: 42.7.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 libpgjava (42.7.7-1) unstable; urgency=medium
 .
   * New upstream version 42.7.7.
     Fixes CVE-2025-49146: When the PostgreSQL JDBC driver is configured with
     channel binding set to required (default value is prefer), the driver
     would incorrectly allow connections to proceed with authentication methods
     that do not support channel binding (such as password, MD5, GSS, or SSPI
     authentication). This could allow a man-in-the-middle attacker to
     intercept connections that users believed were protected by channel
     binding requirements.
Checksums-Sha1:
 09e4468b9fbdbce67aa566e3568bfdc5df75bf36 2420 libpgjava_42.7.7-1.dsc
 bf95dc7a9ab835185b80bff3283eb903d6735753 1052965 libpgjava_42.7.7.orig.tar.gz
 55d542519dd8f213d932f5a2284f39bae40e3f32 10480 libpgjava_42.7.7-1.debian.tar.xz
Checksums-Sha256:
 a983ffa7cdd966c2044e5ef2c71815a70b275dde7e92b2418471a9426ac13d0e 2420 libpgjava_42.7.7-1.dsc
 216e8ff44559bf1094f671c43d71f65863bff381fa8e0ec6934da5d59f5a112e 1052965 libpgjava_42.7.7.orig.tar.gz
 ed6ff596666815afc80140877af83a42eade5b496fd486e859ea8bfb4e86ff31 10480 libpgjava_42.7.7-1.debian.tar.xz
Files:
 3be9286e0671fd7c0ec2246a006fdda0 2420 java optional libpgjava_42.7.7-1.dsc
 0773de80142ff9f753271407fb161460 1052965 java optional libpgjava_42.7.7.orig.tar.gz
 108a42c16edb8eebbcdb30ac0b199d2a 10480 java optional libpgjava_42.7.7-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmhMKpIACgkQTFprqxLS
p64RoA//a1fsMkXNW0wMCZ69pPBFROlW/2s6pDf64XPGzOxRWlGSdTVZQ/NXPuq4
rIY0GASEiUNkF7NUekbqH2vX165N/wEOJaSlxXERbniEKzYjUd7hUnFYaLtY49LS
7GZMpzzNz/jvIPyFTijLxMa6l6Y8+wNzm8I2uinLINny1k7GJ7shyBtSPZZd7FOc
OrSJnT9C1AMx7wi37Svy/s7tr+SXS1ph1o6Nt3XMkG93TUTnmA3GYFAWtNF8tjpI
HyZYoUOFwBLzOyK/KFIbJGW7Bo2YfwnKKnWxoazuGeJaYe729UVJ8x6He/exvQA+
Ttzr7tASqCRUC0kJl7odpM6AVjS1lGllTFqJTa8XR08zHD+mQUQlNhVDItFbSxuM
Ab9QGh8xHrJE7tqWBU7vobm+/6PbdSygUBaBD1ynkiqBPeMn7bR8680OEki+pW7i
m7DwH4d9vUrJ0Zz26wZ+N/UAiiwK8nhcDU77b7SjazIQ6SyvlF8Zrl+OHNlBVAI3
zdWkqb56kjGVJDy3rFw5bjpsk2lz4PyM6pSnbRJFFzOFSCTE3OhTs/cJcgxYsdWW
/Qc3MJ8D3ovsp4eci1BCdD8BsGqi/yvC4FXz5cKfObZWOUEKo+CNDQdb4+5NLt1D
Mqd95itjOBir3mW5XLESciaXktvDqBjZ8zB1kGmyxUQcYKiBdyU=
=uFug
-----END PGP SIGNATURE-----

News for package libpgjava