pgbouncer updated to version 1.25.2-1.pgdg+1

From: apt(dot)postgresql(dot)org Repository Update <noreply(at)postgresql(dot)org>
To: PostgreSQL on Debian and Ubuntu <pgsql-pkg-debian(at)lists(dot)postgresql(dot)org>
Subject: pgbouncer updated to version 1.25.2-1.pgdg+1
Date: 2026-05-09 15:39:44
Message-ID: E1wLjmK-00000001T6K-0q8C@atalia.postgresql.org
Lists: pgsql-pkg-debian

The package pgbouncer was updated on apt.postgresql.org.

apt-listchanges: Changelogs
---------------------------

pgbouncer (1.25.2-1.pgdg+1) sid-pgdg; urgency=medium

  * Rebuild for sid-pgdg.
  * No source changes.

 -- PostgreSQL on Debian and Ubuntu <pgsql-pkg-debian(at)lists(dot)postgresql(dot)org>  Sat, 09 May 2026 14:09:02 +0200

pgbouncer (1.25.2-1) unstable; urgency=medium

  [ Bradford D. Boyle ]
  * New upstream version 1.25.2.
    - Security
      * Fix CVE-2026-6664: An integer overflow in network packet parsing code
        in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a
        crash. An unauthenticated remote attacker can crash PgBouncer with a
        malformed SCRAM authentication packet.
      * Fix CVE-2026-6665: The SCRAM code in PgBouncer before 1.25.2 did not
        check the return value of strlcat() correctly when building the
        contents of the SCRAM client-final-message. A malicious backend that
        sends a SCRAM server-final-message with a long nonce can trigger a
        stack overflow.
      * Fix CVE-2026-6666: A possible null pointer reference in PgBouncer
        before 1.25.2 could lead to a crash, if a server sends an error
        response without SQLSTATE field.
      * Fix CVE-2026-6667: PgBouncer before 1.25.2 did not perform an
        appropriate authorization check for the KILL_CLIENT admin command. All
        users with access to the administration console (which itself requires
        authorization) could run this command. It would have been correct to
        allow only users listed in the admin_users parameter.
    - Fixes
      * Clarify documentation of default_pool_size parameter.
      * Correct documentation regarding client_tls13_ciphers and
        server_tls13_ciphers.

 -- Christoph Berg <myon(at)debian(dot)org>  Sat, 09 May 2026 14:09:02 +0200

New version 1.25.2-1.pgdg+1:

pgbouncer | 1.25.2-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.1-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.2-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.1-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.2-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.1-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.2-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.1-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.2-1.pgdg11+1 | bullseye-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.1-1.pgdg11+1 | bullseye-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.2-1.pgdg26.04+1 | resolute-pgdg | amd64, source
pgbouncer | 1.25.1-1.pgdg26.04+1 | resolute-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.2-1.pgdg25.10+1 | questing-pgdg | amd64, source
pgbouncer | 1.25.1-1.pgdg25.10+1 | questing-pgdg | amd64, source
pgbouncer | 1.25.2-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.1-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.2-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el, source
pgbouncer | 1.25.1-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el, source
pgbouncer-dbgsym | 1.25.2-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.1-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.2-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.1-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.2-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.1-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.2-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.1-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.2-1.pgdg11+1 | bullseye-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.1-1.pgdg11+1 | bullseye-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.2-1.pgdg26.04+1 | resolute-pgdg | amd64
pgbouncer-dbgsym | 1.25.1-1.pgdg26.04+1 | resolute-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.2-1.pgdg25.10+1 | questing-pgdg | amd64
pgbouncer-dbgsym | 1.25.1-1.pgdg25.10+1 | questing-pgdg | amd64
pgbouncer-dbgsym | 1.25.2-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.1-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.2-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
pgbouncer-dbgsym | 1.25.1-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el

The public mirrors serving apt.postgresql.org are synced hourly,
the updated packages will be available there shortly.
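
The strlcat() return-value check named in the CVE-2026-6665 entry above, as an added C example that is not part of the original message and is not PgBouncer's code. The helper demo_strlcat(), the functions build_checked() and attempted_length(), the buffer size MSG_SIZE and the sample nonces are all assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with strlcat() semantics, so the example builds on
 * libcs without strlcat. Returns the length the result WOULD have had,
 * strlen(dst) + strlen(src), even when the copy was truncated. */
static size_t demo_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0, slen = strlen(src);
    while (dlen < size && dst[dlen] != '\0')
        dlen++;
    if (dlen == size)                 /* dst not terminated within size */
        return size + slen;
    size_t room = size - dlen - 1;    /* bytes left before the final NUL */
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

#define MSG_SIZE 32                   /* constructed size, not PgBouncer's */

/* Builds "c=biws,r=<nonce>" (RFC 5802 message shape) from a peer-supplied
 * nonce. Returns the message length, or -1 when the nonce does not fit. */
int build_checked(char *out, const char *nonce)
{
    out[0] = '\0';
    if (demo_strlcat(out, "c=biws,r=", MSG_SIZE) >= MSG_SIZE)
        return -1;
    if (demo_strlcat(out, nonce, MSG_SIZE) >= MSG_SIZE)
        return -1;                    /* truncated: reject, do not continue */
    return (int)strlen(out);
}

/* What a caller that skips the check gets back: the attempted length, which
 * can exceed the buffer and must never be used as an offset or size. */
size_t attempted_length(const char *nonce)
{
    char out[MSG_SIZE] = "c=biws,r=";
    return demo_strlcat(out, nonce, sizeof out);
}

int main(void)
{
    char msg[MSG_SIZE];
    const char *long_nonce = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 40 bytes, constructed */
    printf("short nonce -> %d\n", build_checked(msg, "abc123"));
    printf("long nonce  -> %d\n", build_checked(msg, long_nonce));
    printf("attempted %zu bytes into %d\n", attempted_length(long_nonce), MSG_SIZE);
    return 0;
}
```

The comparison is `>=` rather than `>` because a return value equal to the buffer size already means the terminating NUL displaced the last byte of input.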
