-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 20 Dec 2025 13:52:56 +0100
Source: pgbouncer
Binary: pgbouncer pgbouncer-dbgsym
Architecture: s390x
Version: 1.24.1-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: s390x Build Daemon (zandonai) <buildd_s390x-zandonai@buildd.debian.org>
Changed-By: Andreas Henriksson <andreas@fatal.se>
Description:
 pgbouncer  - lightweight connection pooler for PostgreSQL
Changes:
 pgbouncer (1.24.1-1+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Security Team.
   * CVE-2025-12819: execute arbitrary SQL during authentication.
     Untrusted search path in auth_query connection handler in PgBouncer
     before 1.25.1 allows an unauthenticated attacker to execute arbitrary
     SQL during authentication via a malicious search_path parameter in the
     StartupMessage.
Checksums-Sha1:
 f362b648ef7ad38b78cc045fc6a5b3f9e31f7c8a 580480 pgbouncer-dbgsym_1.24.1-1+deb13u1_s390x.deb
 e55b24107a329477ea6570ccd8713ade922d0f9d 8630 pgbouncer_1.24.1-1+deb13u1_s390x-buildd.buildinfo
 8d90db9c421c3da8e186fbda597f4cbc1bdf7cf1 242960 pgbouncer_1.24.1-1+deb13u1_s390x.deb
Checksums-Sha256:
 8337d438831ae3a66d7f1d23f7c1639c2b770bc5233ad2b17e0993dbd8eed1c7 580480 pgbouncer-dbgsym_1.24.1-1+deb13u1_s390x.deb
 72d1c75da872dfd44abef90b54e66fbd2e4628d6473c2ce2306d2f12cf0cbaec 8630 pgbouncer_1.24.1-1+deb13u1_s390x-buildd.buildinfo
 04d9c9d058183ed8ea59b12740521474c05967cbe2ed47c62858af0de1d71e4b 242960 pgbouncer_1.24.1-1+deb13u1_s390x.deb
Files:
 43fbbd1f0af72590345314e5ea67ba7e 580480 debug optional pgbouncer-dbgsym_1.24.1-1+deb13u1_s390x.deb
 d10fb531d97f7bcbd0cb9159e1e304ea 8630 database optional pgbouncer_1.24.1-1+deb13u1_s390x-buildd.buildinfo
 0c2cb276e01bf0067aff382fe6fad4a3 242960 database optional pgbouncer_1.24.1-1+deb13u1_s390x.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEENly2ANlpa4eeqnluvVOPI7pYNpgFAmlXAT0ACgkQvVOPI7pY
Npj6zhAAh6AanPYfgqXYBEioOz4G+GOxP1DbzFhZPW3s8IfRg4zk5BVrQrrUMjfS
lWtJiuFeKHvwCkZM500FvnIE+rPfdGG/OIUfxzxaGbLd4d2b9/VT5JNQRVsbvWZa
0c11z+opckNY9JM16OhLpSDcWVjPNmq8SqrsEP/kHoy5CCrSDSRiqFHvLBkP0aih
aOywba7lNcrA3Zr0MO7scjI1GuqjuV88oxWN2R3Ulob4owdPbygfacv1C7RWUIy6
Sy0z+Y1NLYKPVVB057voHmL3BRDX8YTSh5dHejuVj1IojSCDmFh4B2dS9P29Usg4
55jaJzRMRkIHdQ9u0cVbYrT8a/Ot8wP23s9zBWY/E9webTecNJc5+s536TdIuDyQ
4LH3fPgx4z2wLzwuczq6w0TZj9ndkCN0/svkbGEIC8NbPdYV/BPVQScymaMiRqMx
pvgRvR/e8Kxg11wTZwb3Lpquqpggz397h2un8ziVpr5q8n/IM0d3ShK8ri3rcQ0A
/wK7C8QepvAjIYxncUVjA8B/35UiQHNFidxDSn3KYIFHnQyl5LQYv43yLBnAuH7X
YtWChLWHQfUQAaFoveJGeMbRbmKpbm83Y0KPSRLL8JiM64vwncMCgUFeezBLu1Qg
N5QMezzTff0XuBhERlILGH3aZw+dAvZmeBsLUdA2j2+87P4xHk8=
=afId
-----END PGP SIGNATURE-----