Format: 1.8
Date: Sat, 27 Dec 2025 12:40:00 +0100
Source: pgbouncer
Architecture: source
Version: 1.15.0-1+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Andreas Henriksson <andreas@fatal.se>
Changes:
 pgbouncer (1.15.0-1+deb11u2) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2025-12819: execute arbitrary SQL during authentication.
     Untrusted search path in auth_query connection handler in PgBouncer
     before 1.25.1 allows an unauthenticated attacker to execute arbitrary
     SQL during authentication via a malicious search_path parameter in the
     StartupMessage.
Checksums-Sha1:
 1b73bd186b489fd53a480ae89551ad7d65c1fbe5 2245 pgbouncer_1.15.0-1+deb11u2.dsc
 ea7e9dbcab178f439a0fa402a78a7f1e4f43e6d4 588042 pgbouncer_1.15.0.orig.tar.gz
 0778f99d81a93a642e1d412d083ac02fa81cb67c 14704 pgbouncer_1.15.0-1+deb11u2.debian.tar.xz
 5011059ff2471d0c721e2d17ec29ecf60c592b03 7057 pgbouncer_1.15.0-1+deb11u2_source.buildinfo
Checksums-Sha256:
 f258701216751f3545d17bf6ac8b56486aeab14ba2f7aca1b8544ec8b07408ca 2245 pgbouncer_1.15.0-1+deb11u2.dsc
 e05a9e158aa6256f60aacbcd9125d3109155c1001a1d1c15d33a37c685d31380 588042 pgbouncer_1.15.0.orig.tar.gz
 30feb4f606effdd721e2c3836074740e0b5b194be6895317be2fa83498ad1c43 14704 pgbouncer_1.15.0-1+deb11u2.debian.tar.xz
 a2d5b5fe4ddf9a0a5c1cfe81c35ec0372f430df790bb6d7e615918cbbf433bb7 7057 pgbouncer_1.15.0-1+deb11u2_source.buildinfo
Files:
 6d515b738ec958a80449afe5001d9438 2245 database optional pgbouncer_1.15.0-1+deb11u2.dsc
 1276f106df7dc49bac756ddd31abc558 588042 database optional pgbouncer_1.15.0.orig.tar.gz
 83c6a614cd982e1b2f29f8d8e9696f37 14704 database optional pgbouncer_1.15.0-1+deb11u2.debian.tar.xz
 9b2e4ba3f62f6f465108f4973260ef54 7057 database optional pgbouncer_1.15.0-1+deb11u2_source.buildinfo