-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 20 Dec 2025 12:57:12 +0100
Source: pgbouncer
Binary: pgbouncer pgbouncer-dbgsym
Architecture: armel
Version: 1.18.0-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-03)
Changed-By: Andreas Henriksson
Description:
 pgbouncer - lightweight connection pooler for PostgreSQL
Closes: 1103394
Changes:
 pgbouncer (1.18.0-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2025-2291: expired password can be used.
     Password can be used past expiry in PgBouncer due to auth_query
     not taking into account Postgres its VALID UNTIL value, which
     allows an attacker to log in with an already expired password
     (Closes: #1103394)
   * CVE-2025-12819: execute arbitrary SQL during authentication.
     Untrusted search path in auth_query connection handler in
     PgBouncer before 1.25.1 allows an unauthenticated attacker to
     execute arbitrary SQL during authentication via a malicious
     search_path parameter in the StartupMessage.