[Git][security-tracker-team/security-tracker][master] pgbouncer spu
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun May 10 12:11:11 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9658e09a by Moritz Mühlenhoff at 2026-05-10T13:10:42+02:00
pgbouncer spu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -138,15 +138,23 @@ CVE-2026-7652 (The LatePoint plugin for WordPress is vulnerable to Account Takeo
NOT-FOR-US: WordPress plugin
CVE-2026-6667 (PgBouncer before 1.25.2 did not perform an appropriate authorization c ...)
- pgbouncer 1.25.2-1 (bug #1136075)
+ [trixie] - pgbouncer <no-dsa> (Minor issue)
+ [bookworm] - pgbouncer <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/97b5634be55d167a602b0bc0f09a8675997248a6 (pgbouncer_1_25_2)
CVE-2026-6666 (A possible null pointer reference in PgBouncer before 1.25.2 could lea ...)
- pgbouncer 1.25.2-1 (bug #1136075)
+ [trixie] - pgbouncer <no-dsa> (Minor issue)
+ [bookworm] - pgbouncer <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/0564f937c0fd81378d67ddcb57b0c00abc0b0f8f (pgbouncer_1_25_2)
CVE-2026-6665 (The SCRAM code in PgBouncer before 1.25.2 did not check the return val ...)
- pgbouncer 1.25.2-1 (bug #1136075)
+ [trixie] - pgbouncer <no-dsa> (Minor issue)
+ [bookworm] - pgbouncer <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/ab8dbb3b1a73b4a195062546e5e4f964b79f5b45 (pgbouncer_1_25_2)
CVE-2026-6664 (An integer overflow in network packet parsing code in PgBouncer before ...)
- pgbouncer 1.25.2-1 (bug #1136075)
+ [trixie] - pgbouncer <no-dsa> (Minor issue)
+ [bookworm] - pgbouncer <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/ddc63c2175825bca9ef3c0a528280acaad76dbaa (pgbouncer_1_25_2)
CVE-2026-45130 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
- vim 2:9.2.0461-1 (bug #1136097)
=====================================
data/next-point-update.txt
=====================================
@@ -474,3 +474,11 @@ CVE-2026-6042
[trixie] - musl 1.2.5-3.1~deb13u1
CVE-2026-40200
[trixie] - musl 1.2.5-3.1~deb13u1
+CVE-2026-6667
+ [trixie] - pgbouncer 1.24.1-1+deb13u2
+CVE-2026-6666
+ [trixie] - pgbouncer 1.24.1-1+deb13u2
+CVE-2026-6665
+ [trixie] - pgbouncer 1.24.1-1+deb13u2
+CVE-2026-6664
+ [trixie] - pgbouncer 1.24.1-1+deb13u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9658e09af9eb38dafc1c9b832b3ef204005e7591
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9658e09af9eb38dafc1c9b832b3ef204005e7591
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260510/d12f5bde/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list