libpgjava_42.7.7-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Jun 13 14:49:22 BST 2025
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 13 Jun 2025 15:26:53 +0200
Source: libpgjava
Architecture: source
Version: 42.7.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Christoph Berg <myon at debian.org>
Changes:
libpgjava (42.7.7-1) unstable; urgency=medium
.
* New upstream version 42.7.7.
Fixes CVE-2025-49146: When the PostgreSQL JDBC driver is configured with
channel binding set to required (default value is prefer), the driver
would incorrectly allow connections to proceed with authentication methods
that do not support channel binding (such as password, MD5, GSS, or SSPI
authentication). This could allow a man-in-the-middle attacker to
intercept connections that users believed were protected by channel
binding requirements.
Checksums-Sha1:
09e4468b9fbdbce67aa566e3568bfdc5df75bf36 2420 libpgjava_42.7.7-1.dsc
bf95dc7a9ab835185b80bff3283eb903d6735753 1052965 libpgjava_42.7.7.orig.tar.gz
55d542519dd8f213d932f5a2284f39bae40e3f32 10480 libpgjava_42.7.7-1.debian.tar.xz
Checksums-Sha256:
a983ffa7cdd966c2044e5ef2c71815a70b275dde7e92b2418471a9426ac13d0e 2420 libpgjava_42.7.7-1.dsc
216e8ff44559bf1094f671c43d71f65863bff381fa8e0ec6934da5d59f5a112e 1052965 libpgjava_42.7.7.orig.tar.gz
ed6ff596666815afc80140877af83a42eade5b496fd486e859ea8bfb4e86ff31 10480 libpgjava_42.7.7-1.debian.tar.xz
Files:
3be9286e0671fd7c0ec2246a006fdda0 2420 java optional libpgjava_42.7.7-1.dsc
0773de80142ff9f753271407fb161460 1052965 java optional libpgjava_42.7.7.orig.tar.gz
108a42c16edb8eebbcdb30ac0b199d2a 10480 java optional libpgjava_42.7.7-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmhMKpIACgkQTFprqxLS
p64RoA//a1fsMkXNW0wMCZ69pPBFROlW/2s6pDf64XPGzOxRWlGSdTVZQ/NXPuq4
rIY0GASEiUNkF7NUekbqH2vX165N/wEOJaSlxXERbniEKzYjUd7hUnFYaLtY49LS
7GZMpzzNz/jvIPyFTijLxMa6l6Y8+wNzm8I2uinLINny1k7GJ7shyBtSPZZd7FOc
OrSJnT9C1AMx7wi37Svy/s7tr+SXS1ph1o6Nt3XMkG93TUTnmA3GYFAWtNF8tjpI
HyZYoUOFwBLzOyK/KFIbJGW7Bo2YfwnKKnWxoazuGeJaYe729UVJ8x6He/exvQA+
Ttzr7tASqCRUC0kJl7odpM6AVjS1lGllTFqJTa8XR08zHD+mQUQlNhVDItFbSxuM
Ab9QGh8xHrJE7tqWBU7vobm+/6PbdSygUBaBD1ynkiqBPeMn7bR8680OEki+pW7i
m7DwH4d9vUrJ0Zz26wZ+N/UAiiwK8nhcDU77b7SjazIQ6SyvlF8Zrl+OHNlBVAI3
zdWkqb56kjGVJDy3rFw5bjpsk2lz4PyM6pSnbRJFFzOFSCTE3OhTs/cJcgxYsdWW
/Qc3MJ8D3ovsp4eci1BCdD8BsGqi/yvC4FXz5cKfObZWOUEKo+CNDQdb4+5NLt1D
Mqd95itjOBir3mW5XLESciaXktvDqBjZ8zB1kGmyxUQcYKiBdyU=
=uFug
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20250613/d51acd30/attachment.sig>
More information about the pkg-java-maintainers
mailing list