Bug#1116054: libscram-java: CVE-2025-59432
Christoph Berg
myon at debian.org
Tue Sep 23 19:28:07 BST 2025
Re: Salvatore Bonaccorso
> The following vulnerability was published for libscram-java.
Hi Salvatore,
I just uploaded 3.2-1 to unstable with the fix. libpgjava will need a
(sourceful) rebuild once that package is installed.
A branch with just the fix can be found at
https://salsa.debian.org/java-team/libscram-java/-/tree/cve-2025-59432?ref_type=heads
(I have no plans yet to upload that anywhere, do you want me to do that?)
FYI, while building the fix on apt.postgresql.org I noticed that the
current libscram-java does not compile anymore on bullseye and jammy,
in case anyone wants to try that.
Christoph