-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: pgbouncer Binary: pgbouncer Architecture: any Version: 1.6.1-1 Maintainer: Debian PostgreSQL Maintainers <[email protected]> Uploaders: Bernd Zeimetz <[email protected]>, Christoph Berg <[email protected]>, Peter Eisentraut <[email protected]> Homepage: http://pgfoundry.org/projects/pgbouncer/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-postgresql/pgbouncer.git Vcs-Git: git://anonscm.debian.org/pkg-postgresql/pgbouncer.git Testsuite: autopkgtest Build-Depends: cdbs, debhelper (>= 9), libevent-dev (>= 1.3b), asciidoc, autotools-dev, xmlto, python Package-List: pgbouncer deb database optional arch=any Checksums-Sha1: 4abeee4965a26197e2c193d6bfb01eef46aa72a8 431076 pgbouncer_1.6.1.orig.tar.gz 69c06bd5b039cdbdedec65551436a3f71d4a5047 8716 pgbouncer_1.6.1-1.debian.tar.xz Checksums-Sha256: 40ff5cd84399b4da3ba864ad654fe155a0ed085261e68f3e31b1117812b17056 431076 pgbouncer_1.6.1.orig.tar.gz 50d8b51cd06c7b7f85d1d2b78f458d95d0ba6310b6b5714cbdaf68cec65c0ad9 8716 pgbouncer_1.6.1-1.debian.tar.xz Files: 3b26ba239d54b28b5e5c4c7e6bf9e49d 431076 pgbouncer_1.6.1.orig.tar.gz a45d6fb386e16b97fe33ac0c671ab747 8716 pgbouncer_1.6.1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJV6bDRAAoJEExaa6sS0qeuirwP/1c65hEVEndSw6CHi5ZUDXIc 8Y4bFldxfTisASK+6HX/tXMLy5Oo1C3BUeQTUgydSGar3LQ7SvTpcMOlDgF6e2P/ JiNCvBTZq84XgvARAeBOYP0o8IpxrPyqamM3L3znx/qomRYimLGT9AQbG0x0bsU8 bRmDNsbfJG3SNuFSVn+hWYos9pzNQZx9xtJafenxlxiA4OoN1zKu2J4aK+0FQg0R 0bbZ6ePSntaJAX/a++xWwqiCh6W/jSbh8LROZ+RyITXr312XOaSEQZQYQydbotD1 vgejV9Q78Cx4ocs5dY+kY9yz68h4x2jRypE0aOrYv/OrBVE/Z0LJ4yaHcCjShuih tES1d2n2DVI1q24CSPS+qKS7J0wbe5ivWgItBXBfiL8poCxZeobsHJZHq2y7QvlO TlA/jjiSX/v18YwIMhZenR+VgPDmQMOKFqygoH5eFXG7p8jVJOz+btyc0JS//Ute xBJKROlxPQR+ABNXlXHBErPuNzKHx6jU+dBz+jQuX5Z5SdBo7YHddpXETeF/ZZgR /DJF9Oq+DVTDkW8cKpBrmRY2G20GyxQqzPyf8JUXazixqjLivtaBgzM7cHA2czMS QEIWFV9UoVL11Loop+reee5sKrqk+y26QmOA2Fa4o/DabUpIqndvC0pmpgCz9tbX 1W1JCeozxRHyLMMnjcH3 =HjDf -----END PGP SIGNATURE----- Changes: pgbouncer (1.6.1-1) unstable; urgency=medium * Security fix release: New auth_user functionality introduced in 1.6 allows login as auth_user when client presents unknown username. It's quite likely auth_user is superuser. Affects only setups that have enabled auth_user in their config. -- Christoph Berg <[email protected]> Fri, 04 Sep 2015 16:48:18 +0200
