Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <pgsql-pkg-debian-owner+archive@lists.postgresql.org>)
	id 1mu8MO-0008Oe-Pl
	for pgsql-pkg-debian@arkaria.postgresql.org; Mon, 06 Dec 2021 07:24:28 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <pgsql-pkg-debian-owner+archive@lists.postgresql.org>)
	id 1mu8MN-00019t-Mq
	for pgsql-pkg-debian@arkaria.postgresql.org; Mon, 06 Dec 2021 07:24:27 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <myon@atalia.postgresql.org>)
	id 1mu8MN-00019j-GL
	for pgsql-pkg-debian@lists.postgresql.org; Mon, 06 Dec 2021 07:24:27 +0000
Received: from mahout.postgresql.org ([2001:4800:3e1:1::227])
	by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <myon@atalia.postgresql.org>)
	id 1mu8ML-0004B9-4N
	for pgsql-pkg-debian@lists.postgresql.org; Mon, 06 Dec 2021 07:24:26 +0000
Received: from atalia.postgresql.org ([2001:4800:3e1:1::231])
	by mahout.postgresql.org with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <myon@atalia.postgresql.org>)
	id 1mu8MK-0002Pc-Q7
	for pgsql-pkg-debian@lists.postgresql.org; Mon, 06 Dec 2021 07:24:24 +0000
Received: from myon by atalia.postgresql.org with local (Exim 4.92)
	(envelope-from <myon@atalia.postgresql.org>)
	id 1mu8MK-0007EK-Kg
	for pgsql-pkg-debian@lists.postgresql.org; Mon, 06 Dec 2021 07:24:24 +0000
From: apt.postgresql.org Repository Update <noreply@postgresql.org>
To: PostgreSQL on Debian and Ubuntu <pgsql-pkg-debian@lists.postgresql.org>
Reply-To: PostgreSQL on Debian and Ubuntu
 <pgsql-pkg-debian@lists.postgresql.org>
Subject: pgbouncer updated to version 1.16.1-1.pgdg+1
Message-Id: <E1mu8MK-0007EK-Kg@atalia.postgresql.org>
Date: Mon, 06 Dec 2021 07:24:24 +0000
List-Id: <pgsql-pkg-debian.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-pkg-debian@lists.postgresql.org>
List-Owner: <mailto:pgsql-pkg-debian-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-pkg-debian>
Archived-At: 
 <https://www.postgresql.org/message-id/E1mu8MK-0007EK-Kg%40atalia.postgresql.org>
Precedence: bulk

The package pgbouncer was updated on apt.postgresql.org.

apt-listchanges: Changelogs
---------------------------

pgbouncer (1.16.1-1.pgdg+1) sid-pgdg; urgency=medium

  * Rebuild for sid-pgdg.
  * No source changes.

 -- PostgreSQL on Debian and Ubuntu <pgsql-pkg-debian@lists.postgresql.org>  Fri, 26 Nov 2021 11:19:53 +0100

pgbouncer (1.16.1-1) unstable; urgency=medium

  * New upstream version.

    Make PgBouncer acting as a server reject extraneous data after an
    SSL or GSS encryption handshake.

    A man-in-the-middle with the ability to inject data into the TCP
    connection could stuff some cleartext data into the start of a
    supposedly encryption-protected database session.  This could be
    abused to send faked SQL commands to the server, although that would
    only work if PgBouncer did not demand any authentication data.
    (However, a PgBouncer setup relying on SSL certificate
    authentication might well not do so.)

    (Similar to CVE-2021-23214 in the PostgreSQL server.)

 -- Christoph Berg <myon@debian.org>  Fri, 26 Nov 2021 11:19:53 +0100

New version 1.16.1-1.pgdg+1:

pgbouncer         |  1.16.1-1.pgdg+1       |  sid-pgdg       |  amd64,  arm64,    i386,     ppc64el,  source
pgbouncer         |  1.16.1-1.pgdg120+1    |  bookworm-pgdg  |  amd64,  arm64,    ppc64el,  source
pgbouncer         |  1.16.1-1.pgdg110+1    |  bullseye-pgdg  |  amd64,  ppc64el,  source
pgbouncer         |  1.16.0-1.pgdg110+1    |  bullseye-pgdg  |  arm64
pgbouncer         |  1.16.1-1.pgdg100+1    |  buster-pgdg    |  amd64,  arm64,    i386,     ppc64el,  source
pgbouncer         |  1.16.1-1.pgdg90+1     |  stretch-pgdg   |  amd64,  i386,     ppc64el,  source
pgbouncer         |  1.16.1-1.pgdg21.10+1  |  impish-pgdg    |  amd64,  source
pgbouncer         |  1.16.1-1.pgdg21.04+1  |  hirsute-pgdg   |  amd64,  source
pgbouncer         |  1.16.0-1.pgdg20.10+1  |  groovy-pgdg    |  amd64,  source
pgbouncer         |  1.16.1-1.pgdg20.04+1  |  focal-pgdg     |  amd64,  arm64,    ppc64el,  source
pgbouncer         |  1.16.1-1.pgdg18.04+1  |  bionic-pgdg    |  amd64,  arm64,    i386,     ppc64el,  source
pgbouncer         |  1.15.0-1.pgdg16.04+1  |  xenial-pgdg    |  amd64,  i386,     ppc64el,  source
pgbouncer-dbg     |  1.15.0-1.pgdg16.04+1  |  xenial-pgdg    |  amd64,  i386,     ppc64el
pgbouncer-dbgsym  |  1.16.1-1.pgdg+1       |  sid-pgdg       |  amd64,  arm64,    i386,     ppc64el
pgbouncer-dbgsym  |  1.16.1-1.pgdg120+1    |  bookworm-pgdg  |  amd64,  arm64,    ppc64el
pgbouncer-dbgsym  |  1.16.1-1.pgdg110+1    |  bullseye-pgdg  |  amd64,  ppc64el
pgbouncer-dbgsym  |  1.16.0-1.pgdg110+1    |  bullseye-pgdg  |  arm64
pgbouncer-dbgsym  |  1.16.1-1.pgdg100+1    |  buster-pgdg    |  amd64,  arm64,    i386,     ppc64el
pgbouncer-dbgsym  |  1.16.1-1.pgdg90+1     |  stretch-pgdg   |  amd64,  i386,     ppc64el
pgbouncer-dbgsym  |  1.16.1-1.pgdg21.10+1  |  impish-pgdg    |  amd64
pgbouncer-dbgsym  |  1.16.1-1.pgdg21.04+1  |  hirsute-pgdg   |  amd64
pgbouncer-dbgsym  |  1.16.0-1.pgdg20.10+1  |  groovy-pgdg    |  amd64
pgbouncer-dbgsym  |  1.16.1-1.pgdg20.04+1  |  focal-pgdg     |  amd64,  arm64,    ppc64el
pgbouncer-dbgsym  |  1.16.1-1.pgdg18.04+1  |  bionic-pgdg    |  amd64,  arm64,    i386,     ppc64el

The public mirrors serving apt.postgresql.org are synced hourly,
the updated packages will be available there shortly.