CVE-2024-45624:
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.
Depends on packages which need a new maintainer
normal
The packages that pgpool2 depends on which need a new maintainer are:
The current maintainer is looking for someone who can help with
the maintenance of this package. If you are interested in this
package, please consider helping out. One way you can help is
offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #772047 for more information.
Among the 2 debian patches
available in version 4.5.5-1 of the package,
we noticed the following issues:
2 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it.
You can probably find supplementary information in the
debian-release
archives or in the corresponding
release.debian.org
bug.