Source: pgpool2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerability was published for pgpool2. CVE-2024-45624[0]: | Exposure of sensitive information due to incompatible policies issue | exists in Pgpool-II. If a database user accesses a query cache, | table data unauthorized for the user may be retrieved. https://www.pgpool.net/mediawiki/index.php/Main_Page#Pgpool-II_4.5.4.2C_4.4.9.2C_4.3.12.2C_4.2.19_and_4.1.22_officially_released_.282024.2F09.2F09.29 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-45624 https://www.cve.org/CVERecord?id=CVE-2024-45624 Please adjust the affected versions in the BTS as needed.
