Format: 1.8
Date: Sun, 10 May 2026 11:44:27 +0200
Source: pgbouncer
Binary: pgbouncer pgbouncer-dbgsym
Architecture: ppc64el
Version: 1.24.1-1+deb13u2
Distribution: trixie
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01)
Changed-By: Christoph Berg
Description:
 pgbouncer - lightweight connection pooler for PostgreSQL
Changes:
 pgbouncer (1.24.1-1+deb13u2) trixie; urgency=medium
 .
   * Security update.
   * Fix CVE-2026-6664: An integer overflow in network packet parsing code
     in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a
     crash. An unauthenticated remote attacker can crash PgBouncer with a
     malformed SCRAM authentication packet.
   * Fix CVE-2026-6665: The SCRAM code in PgBouncer before 1.25.2 did not
     check the return value of strlcat() correctly when building the
     contents of the SCRAM client-final-message. A malicious backend that
     sends a SCRAM server-final-message with a long nonce can trigger a
     stack overflow.
   * Fix CVE-2026-6666: A possible null pointer reference in PgBouncer
     before 1.25.2 could lead to a crash, if a server sends an error
     response without SQLSTATE field.
   * Fix CVE-2026-6667: PgBouncer before 1.25.2 did not perform an
     appropriate authorization check for the KILL_CLIENT admin command. All
     users with access to the administration console (which itself requires
     authorization) could run this command. It would have been correct to
     allow only users listed in the admin_users parameter.