pgbouncer 1.16.1-1 source package in Debian
Changelog
pgbouncer (1.16.1-1) unstable; urgency=medium
* New upstream version.
Make PgBouncer acting as a server reject extraneous data after an
SSL or GSS encryption handshake.
A man-in-the-middle with the ability to inject data into the TCP
connection could stuff some cleartext data into the start of a
supposedly encryption-protected database session. This could be
abused to send faked SQL commands to the server, although that would
only work if PgBouncer did not demand any authentication data.
(However, a PgBouncer setup relying on SSL certificate
authentication might well not do so.)
(Similar to CVE-2021-23214 in the PostgreSQL server.)
-- Christoph Berg <email address hidden> Fri, 26 Nov 2021 11:19:53 +0100
Upload details
- Uploaded by:
- Debian PostgreSQL Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian PostgreSQL Maintainers
- Architectures:
- any
- Section:
- database
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| pgbouncer_1.16.1-1.dsc | 2.2 KiB | c64d1f493b83eb2f12f9255d7ecdd2f1df89b12ee5db844b0f71abd2ee6bcdff |
| pgbouncer_1.16.1.orig.tar.gz | 577.6 KiB | 087477e9e4766d032b04b7b006c0c8d64160a54141a7bfc2c6e5ae7ae11bf7fc |
| pgbouncer_1.16.1-1.debian.tar.xz | 10.0 KiB | b4245e351a2611403d86cbae79b2e0622e2363413f4ff628084b93029d510c86 |
No changes file available.
