public inbox for [email protected]
help / color / mirror / Atom feedFrom: apt.postgresql.org Repository Update <[email protected]>
To: PostgreSQL on Debian and Ubuntu <[email protected]>
Subject: pgbouncer updated to version 1.16.1-1.pgdg+1
Date: Mon, 06 Dec 2021 07:24:24 +0000
Message-ID: <[email protected]> (raw)
The package pgbouncer was updated on apt.postgresql.org.
apt-listchanges: Changelogs
---------------------------
pgbouncer (1.16.1-1.pgdg+1) sid-pgdg; urgency=medium
* Rebuild for sid-pgdg.
* No source changes.
-- PostgreSQL on Debian and Ubuntu <[email protected]> Fri, 26 Nov 2021 11:19:53 +0100
pgbouncer (1.16.1-1) unstable; urgency=medium
* New upstream version.
Make PgBouncer acting as a server reject extraneous data after an
SSL or GSS encryption handshake.
A man-in-the-middle with the ability to inject data into the TCP
connection could stuff some cleartext data into the start of a
supposedly encryption-protected database session. This could be
abused to send faked SQL commands to the server, although that would
only work if PgBouncer did not demand any authentication data.
(However, a PgBouncer setup relying on SSL certificate
authentication might well not do so.)
(Similar to CVE-2021-23214 in the PostgreSQL server.)
-- Christoph Berg <[email protected]> Fri, 26 Nov 2021 11:19:53 +0100
New version 1.16.1-1.pgdg+1:
pgbouncer | 1.16.1-1.pgdg+1 | sid-pgdg | amd64, arm64, i386, ppc64el, source
pgbouncer | 1.16.1-1.pgdg120+1 | bookworm-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.16.1-1.pgdg110+1 | bullseye-pgdg | amd64, ppc64el, source
pgbouncer | 1.16.0-1.pgdg110+1 | bullseye-pgdg | arm64
pgbouncer | 1.16.1-1.pgdg100+1 | buster-pgdg | amd64, arm64, i386, ppc64el, source
pgbouncer | 1.16.1-1.pgdg90+1 | stretch-pgdg | amd64, i386, ppc64el, source
pgbouncer | 1.16.1-1.pgdg21.10+1 | impish-pgdg | amd64, source
pgbouncer | 1.16.1-1.pgdg21.04+1 | hirsute-pgdg | amd64, source
pgbouncer | 1.16.0-1.pgdg20.10+1 | groovy-pgdg | amd64, source
pgbouncer | 1.16.1-1.pgdg20.04+1 | focal-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.16.1-1.pgdg18.04+1 | bionic-pgdg | amd64, arm64, i386, ppc64el, source
pgbouncer | 1.15.0-1.pgdg16.04+1 | xenial-pgdg | amd64, i386, ppc64el, source
pgbouncer-dbg | 1.15.0-1.pgdg16.04+1 | xenial-pgdg | amd64, i386, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg+1 | sid-pgdg | amd64, arm64, i386, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg120+1 | bookworm-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg110+1 | bullseye-pgdg | amd64, ppc64el
pgbouncer-dbgsym | 1.16.0-1.pgdg110+1 | bullseye-pgdg | arm64
pgbouncer-dbgsym | 1.16.1-1.pgdg100+1 | buster-pgdg | amd64, arm64, i386, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg90+1 | stretch-pgdg | amd64, i386, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg21.10+1 | impish-pgdg | amd64
pgbouncer-dbgsym | 1.16.1-1.pgdg21.04+1 | hirsute-pgdg | amd64
pgbouncer-dbgsym | 1.16.0-1.pgdg20.10+1 | groovy-pgdg | amd64
pgbouncer-dbgsym | 1.16.1-1.pgdg20.04+1 | focal-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.16.1-1.pgdg18.04+1 | bionic-pgdg | amd64, arm64, i386, ppc64el
The public mirrors serving apt.postgresql.org are synced hourly,
the updated packages will be available there shortly.
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: pgbouncer updated to version 1.16.1-1.pgdg+1
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox