Format: 1.8
Date: Sat, 20 Dec 2025 12:57:12 +0100
Source: pgbouncer
Binary: pgbouncer pgbouncer-dbgsym
Architecture: arm64
Version: 1.18.0-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-02)
Changed-By: Andreas Henriksson
Description:
 pgbouncer - lightweight connection pooler for PostgreSQL
Closes: 1103394
Changes:
 pgbouncer (1.18.0-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2025-2291: expired password can be used.
     Password can be used past expiry in PgBouncer due to auth_query
     not taking into account Postgres its VALID UNTIL value, which
     allows an attacker to log in with an already expired password
     (Closes: #1103394)
   * CVE-2025-12819: execute arbitrary SQL during authentication.
     Untrusted search path in auth_query connection handler in
     PgBouncer before 1.25.1 allows an unauthenticated attacker to
     execute arbitrary SQL during authentication via a malicious
     search_path parameter in the StartupMessage.