Bug#1107696: Accepted libpgjava 42.7.7-1 (source) into unstable

Salvatore Bonaccorso carnil at debian.org
Fri Jun 13 22:30:09 BST 2025 

Source: libpgjava
Source-Version: 42.7.7-1

On Fri, Jun 13, 2025 at 01:49:22PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Format: 1.8
> Date: Fri, 13 Jun 2025 15:26:53 +0200
> Source: libpgjava
> Architecture: source
> Version: 42.7.7-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
> Changed-By: Christoph Berg <myon at debian.org>
> Changes:
>  libpgjava (42.7.7-1) unstable; urgency=medium
>  .
>    * New upstream version 42.7.7.
>      Fixes CVE-2025-49146: When the PostgreSQL JDBC driver is configured with
>      channel binding set to required (default value is prefer), the driver
>      would incorrectly allow connections to proceed with authentication methods
>      that do not support channel binding (such as password, MD5, GSS, or SSPI
>      authentication). This could allow a man-in-the-middle attacker to
>      intercept connections that users believed were protected by channel
>      binding requirements.
> Checksums-Sha1:
>  09e4468b9fbdbce67aa566e3568bfdc5df75bf36 2420 libpgjava_42.7.7-1.dsc
>  bf95dc7a9ab835185b80bff3283eb903d6735753 1052965 libpgjava_42.7.7.orig.tar.gz
>  55d542519dd8f213d932f5a2284f39bae40e3f32 10480 libpgjava_42.7.7-1.debian.tar.xz
> Checksums-Sha256:
>  a983ffa7cdd966c2044e5ef2c71815a70b275dde7e92b2418471a9426ac13d0e 2420 libpgjava_42.7.7-1.dsc
>  216e8ff44559bf1094f671c43d71f65863bff381fa8e0ec6934da5d59f5a112e 1052965 libpgjava_42.7.7.orig.tar.gz
>  ed6ff596666815afc80140877af83a42eade5b496fd486e859ea8bfb4e86ff31 10480 libpgjava_42.7.7-1.debian.tar.xz
> Files:
>  3be9286e0671fd7c0ec2246a006fdda0 2420 java optional libpgjava_42.7.7-1.dsc
>  0773de80142ff9f753271407fb161460 1052965 java optional libpgjava_42.7.7.orig.tar.gz
>  108a42c16edb8eebbcdb30ac0b199d2a 10480 java optional libpgjava_42.7.7-1.debian.tar.xz
> 
> -----BEGIN PGP SIGNATURE-----
> 
> iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmhMKpIACgkQTFprqxLS
> p64RoA//a1fsMkXNW0wMCZ69pPBFROlW/2s6pDf64XPGzOxRWlGSdTVZQ/NXPuq4
> rIY0GASEiUNkF7NUekbqH2vX165N/wEOJaSlxXERbniEKzYjUd7hUnFYaLtY49LS
> 7GZMpzzNz/jvIPyFTijLxMa6l6Y8+wNzm8I2uinLINny1k7GJ7shyBtSPZZd7FOc
> OrSJnT9C1AMx7wi37Svy/s7tr+SXS1ph1o6Nt3XMkG93TUTnmA3GYFAWtNF8tjpI
> HyZYoUOFwBLzOyK/KFIbJGW7Bo2YfwnKKnWxoazuGeJaYe729UVJ8x6He/exvQA+
> Ttzr7tASqCRUC0kJl7odpM6AVjS1lGllTFqJTa8XR08zHD+mQUQlNhVDItFbSxuM
> Ab9QGh8xHrJE7tqWBU7vobm+/6PbdSygUBaBD1ynkiqBPeMn7bR8680OEki+pW7i
> m7DwH4d9vUrJ0Zz26wZ+N/UAiiwK8nhcDU77b7SjazIQ6SyvlF8Zrl+OHNlBVAI3
> zdWkqb56kjGVJDy3rFw5bjpsk2lz4PyM6pSnbRJFFzOFSCTE3OhTs/cJcgxYsdWW
> /Qc3MJ8D3ovsp4eci1BCdD8BsGqi/yvC4FXz5cKfObZWOUEKo+CNDQdb4+5NLt1D
> Mqd95itjOBir3mW5XLESciaXktvDqBjZ8zB1kGmyxUQcYKiBdyU=
> =uFug
> -----END PGP SIGNATURE-----

More information about the pkg-java-maintainers mailing list