Format: 1.8
Date: Sat, 20 Dec 2025 13:52:56 +0100
Source: pgbouncer
Binary: pgbouncer pgbouncer-dbgsym
Architecture: arm64
Version: 1.24.1-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-01)
Changed-By: Andreas Henriksson
Description:
 pgbouncer - lightweight connection pooler for PostgreSQL
Changes:
 pgbouncer (1.24.1-1+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Security Team.
   * CVE-2025-12819: execute arbitrary SQL during authentication.
     Untrusted search path in auth_query connection handler in PgBouncer
     before 1.25.1 allows an unauthenticated attacker to execute arbitrary
     SQL during authentication via a malicious search_path parameter in
     the StartupMessage.