-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 04 Sep 2015 16:48:18 +0200 Source: pgbouncer Binary: pgbouncer Architecture: source amd64 Version: 1.6.1-1 Distribution: unstable Urgency: medium Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org> Changed-By: Christoph Berg <christoph.berg@credativ.de> Description: pgbouncer - lightweight connection pooler for PostgreSQL Changes: pgbouncer (1.6.1-1) unstable; urgency=medium . * Security fix release: New auth_user functionality introduced in 1.6 allows login as auth_user when client presents unknown username. It's quite likely auth_user is superuser. Affects only setups that have enabled auth_user in their config. Checksums-Sha1: 09a4c73b5a89094e08a06e9e7cc871aa754055fe 2104 pgbouncer_1.6.1-1.dsc 4abeee4965a26197e2c193d6bfb01eef46aa72a8 431076 pgbouncer_1.6.1.orig.tar.gz 69c06bd5b039cdbdedec65551436a3f71d4a5047 8716 pgbouncer_1.6.1-1.debian.tar.xz 32439aacfa2f8c6a52fcc277cbff49ea1888829c 140140 pgbouncer_1.6.1-1_amd64.deb Checksums-Sha256: 60c1a9d7a2f6fe9145ddde1c70e05fa563480d156ecff17277171c3ee858e75a 2104 pgbouncer_1.6.1-1.dsc 40ff5cd84399b4da3ba864ad654fe155a0ed085261e68f3e31b1117812b17056 431076 pgbouncer_1.6.1.orig.tar.gz 50d8b51cd06c7b7f85d1d2b78f458d95d0ba6310b6b5714cbdaf68cec65c0ad9 8716 pgbouncer_1.6.1-1.debian.tar.xz 098a93847d001a2f40e1f51a9961847a6e88dbbd948ac83c8388aa3c03014ad8 140140 pgbouncer_1.6.1-1_amd64.deb Files: ff19e1250359a011fae77f019205af98 2104 database optional pgbouncer_1.6.1-1.dsc 3b26ba239d54b28b5e5c4c7e6bf9e49d 431076 database optional pgbouncer_1.6.1.orig.tar.gz a45d6fb386e16b97fe33ac0c671ab747 8716 database optional pgbouncer_1.6.1-1.debian.tar.xz 75bafab1eb92b4da854bf02b228b2db9 140140 database optional pgbouncer_1.6.1-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJV6bDRAAoJEExaa6sS0qeuKeQP/jWWQ5pwaCQ3FHfRzzsmANRZ agqnbFeFVS83OBLVmYaXq32HTjZJ1e7FgabAGOupC+55DrL/bioPmOooAl3sw3bl qH518+mPWvlItKe1nf0an4AYXy3hVFp2QnZgJGgD/lkIeLYha79uHPcRvDVazvoD u2AYjQ7/zFWhLDJQNAjVAkJcNPPqbeUVAWsBxHc7n7E4KSwL5VOtxu51MEuC1j5w 0sEir8x50PMnDbmSoVO7RN73Bsr176rQn1NU1nz+2h1C223CUIz0wUzuRPum2ATJ QXES6XCjMs39qlEvHYirbIQzQCKLkUjjNetbY5B4YlB84M1E0uNaKVth1g86D83N 4dhtjNiDNIilb2EDeofONG2K2hdQ/5MDNrIaWEYSNch/DbT4ZQKSHv7NxX3NDML5 6OSqdYnAVYiQiUmgCNvRwZuOnQnhhzZ4un+mSdL4NF7fnW1txgc3TN8bA+LmVFx1 cXscO0/75VhHEsWSW0cUIEdMd289ZyzJAtGUOCbs5uSIGQxTkdcgFpjLqS0cYjrW OpfefugzfZY8TyAHY0nDGpuOdZNFxaaFabrSHBGW5A/7qmEPoKwGV8HDnwzzAyGi KYNAya6O9IeekT+ArVXlkvkMzxlZXukjzntw3dNnl3g6v2j4VeCLZnLHb7R1XDO1 CbK4WiGcti6HGTCFq/5e =W+sM -----END PGP SIGNATURE-----