-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 02 Nov 2012 10:05:27 +0100 Source: pgbouncer Binary: pgbouncer Architecture: source amd64 Version: 1.5.2-4 Distribution: unstable Urgency: medium Maintainer: Christoph Berg <myon@debian.org> Changed-By: Christoph Berg <myon@debian.org> Description: pgbouncer - lightweight connection pooler for PostgreSQL Closes: 692103 Changes: pgbouncer (1.5.2-4) unstable; urgency=medium . * Cherry-pick from 1.5.3: Closes: #692103. http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525 Thanks to Markus Wanner for helping fix this. . = Critical fix = * Too long database names can lead to crash, which is remotely triggerable if autodbs are enabled. . The original checks assumed all names come from config files, thus using fatal() was fine, but when autodbs are enabled - by '*' in [databases] section - the database name can come from network thus making remote shutdown possible. Checksums-Sha1: 597fe8fb1dac2f98c38ca1f0d31a6c0811e99ecf 1999 pgbouncer_1.5.2-4.dsc a8bf08382ef8b6e876538fdf6124ba4103ad374d 7275 pgbouncer_1.5.2-4.debian.tar.gz e483a6ad763a008927f87f8f2628c3fd2afd2458 150598 pgbouncer_1.5.2-4_amd64.deb Checksums-Sha256: 1a5dfc1e806b81f56d95e0fdbbe054ac85bd24083b14c99a5ced706a8babdc01 1999 pgbouncer_1.5.2-4.dsc 6f78ceeb86889dfe1646269e4ea70e752944a389b37d4bac97f7c86dbed68e16 7275 pgbouncer_1.5.2-4.debian.tar.gz 7f05d6c80af84526cba319a154d31431c6661b4323bfa3fac990211e38472d14 150598 pgbouncer_1.5.2-4_amd64.deb Files: 77b1ff143f58478239a4bac3d0418e46 1999 database optional pgbouncer_1.5.2-4.dsc 6b45a0392a6c22e1f3b6f67fc18ba094 7275 database optional pgbouncer_1.5.2-4.debian.tar.gz 3480cf4748173f480976c37807d28f78 150598 database optional pgbouncer_1.5.2-4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQk5UgAAoJEExaa6sS0qeuovYP/3mJtoqJ8XoFS2AjwhXTLOKo g7RPnuw4TFwP6Pv7mo5hWNQKrDtFOuljw/5gVEEHuN64AsdPahlvCJrii0CKdzrv /1PAU60ixKb2aHgvXii2+cdbGRQjb6Ntj/+JEUG8Z7YqQkNXdx1m5JnFZlo9DR/m qrl5h8Pk9k8ccNapatucUpECYo4xDTTlq18xFKZAFNa83s5AEgiYhZFlMN5o1hEk BsYGZxhoAnmyDD+vEZxFSPlcQVrGTvzGjVckjAPT9F2BJrRvE3WGQC7DKRi3oOR3 FpO5L5sKs0cdltHP4l5COm7eZySnmbNPVGWfNJZKiy16Rp543BPrRBJr03N49dx7 f882hK1eqn5R4H7skZ4Q89lIXr9sTHVr6G/Upw4d8QRpfaF4ut1x3D5c61DeliJ1 0HgRkGHC0r2RrnTa4J5IYuq3qsFMFNZXqFVrF/tFqA0AqLm5dhtJ+I47d/5bEIQq lQrujJcVaSJAb9pxXiw+tgdyhpICX9yX+5Hjr6o/d/NiZLJPhstdyuzzMe7N9Wwp aOLSIyaRp2spc4Wtr47L+k/J0jtXlt3goexZl5wJxo8jjHaAzZjQS8SIZTEenEYn LJBoOeRcLa5BEbRrvfAAxXqzVxup3juD97bkfIQSFTPsn/1y7VpBNZPD39fVTOkl pouZhcaPHH0TB7hguXMM =TBGL -----END PGP SIGNATURE-----
