[Git][security-tracker-team/security-tracker][master] The channelbinding option was introduced in version 42.7.4

Thu Jun 26 07:41:20 BST 2025


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46b0f68c by Abhijith PA at 2025-06-26T12:06:47+05:30
The channelbinding option was introduced in version 42.7.4
See tag 42.7.4-rc1
https://github.com/pgjdbc/pgjdbc/commit/7a65cf368a935757e5b4d9abed1a3eb7ff1f046e
In older versions it is explicitly mentioned that channelbinding is
not supported;

`.channelBinding(ScramClient.ChannelBinding.NO)`

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4237,6 +4237,8 @@ CVE-2025-49148 (ClipShare is a lightweight and cross-platform tool for clipboard
 	NOT-FOR-US: ClipShare
 CVE-2025-49146 (pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until ...)
 	- libpgjava 42.7.7-1 (bug #1107696)
+	[bookworm] - libpgjava <not-affected> (Vulnerable code introduced in 42.7.4)
+	[bullseye] - libpgjava <not-affected> (Vulnerable code introduced in 42.7.4)
 	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54
 	NOTE: Fixed by: https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0 (REL42.7.7-rc1)
 CVE-2025-48448 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46b0f68c8e1221d859490ce61a1f2ce02ae1fb59

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46b0f68c8e1221d859490ce61a1f2ce02ae1fb59
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250626/7aea9829/attachment.htm>
