Format: 1.8
Date: Sat, 20 Dec 2025 13:52:56 +0100
Source: pgbouncer
Architecture: source
Version: 1.24.1-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers
Changed-By: Andreas Henriksson
Changes:
 pgbouncer (1.24.1-1+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Security Team.
   * CVE-2025-12819: execute arbitrary SQL during authentication.
     Untrusted search path in auth_query connection handler in PgBouncer
     before 1.25.1 allows an unauthenticated attacker to execute arbitrary
     SQL during authentication via a malicious search_path parameter in
     the StartupMessage.