Source: libpgjava Source-Version: 42.7.7-1 On Fri, Jun 13, 2025 at 01:49:22PM +0000, Debian FTP Masters wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Format: 1.8 > Date: Fri, 13 Jun 2025 15:26:53 +0200 > Source: libpgjava > Architecture: source > Version: 42.7.7-1 > Distribution: unstable > Urgency: medium > Maintainer: Debian Java Maintainers > <[email protected]> > Changed-By: Christoph Berg <[email protected]> > Changes: > libpgjava (42.7.7-1) unstable; urgency=medium > . > * New upstream version 42.7.7. > Fixes CVE-2025-49146: When the PostgreSQL JDBC driver is configured with > channel binding set to required (default value is prefer), the driver > would incorrectly allow connections to proceed with authentication > methods > that do not support channel binding (such as password, MD5, GSS, or SSPI > authentication). This could allow a man-in-the-middle attacker to > intercept connections that users believed were protected by channel > binding requirements. > Checksums-Sha1: > 09e4468b9fbdbce67aa566e3568bfdc5df75bf36 2420 libpgjava_42.7.7-1.dsc > bf95dc7a9ab835185b80bff3283eb903d6735753 1052965 libpgjava_42.7.7.orig.tar.gz > 55d542519dd8f213d932f5a2284f39bae40e3f32 10480 > libpgjava_42.7.7-1.debian.tar.xz > Checksums-Sha256: > a983ffa7cdd966c2044e5ef2c71815a70b275dde7e92b2418471a9426ac13d0e 2420 > libpgjava_42.7.7-1.dsc > 216e8ff44559bf1094f671c43d71f65863bff381fa8e0ec6934da5d59f5a112e 1052965 > libpgjava_42.7.7.orig.tar.gz > ed6ff596666815afc80140877af83a42eade5b496fd486e859ea8bfb4e86ff31 10480 > libpgjava_42.7.7-1.debian.tar.xz > Files: > 3be9286e0671fd7c0ec2246a006fdda0 2420 java optional libpgjava_42.7.7-1.dsc > 0773de80142ff9f753271407fb161460 1052965 java optional > libpgjava_42.7.7.orig.tar.gz > 108a42c16edb8eebbcdb30ac0b199d2a 10480 java optional > libpgjava_42.7.7-1.debian.tar.xz > > -----BEGIN PGP SIGNATURE----- > > iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmhMKpIACgkQTFprqxLS > p64RoA//a1fsMkXNW0wMCZ69pPBFROlW/2s6pDf64XPGzOxRWlGSdTVZQ/NXPuq4 > rIY0GASEiUNkF7NUekbqH2vX165N/wEOJaSlxXERbniEKzYjUd7hUnFYaLtY49LS > 7GZMpzzNz/jvIPyFTijLxMa6l6Y8+wNzm8I2uinLINny1k7GJ7shyBtSPZZd7FOc > OrSJnT9C1AMx7wi37Svy/s7tr+SXS1ph1o6Nt3XMkG93TUTnmA3GYFAWtNF8tjpI > HyZYoUOFwBLzOyK/KFIbJGW7Bo2YfwnKKnWxoazuGeJaYe729UVJ8x6He/exvQA+ > Ttzr7tASqCRUC0kJl7odpM6AVjS1lGllTFqJTa8XR08zHD+mQUQlNhVDItFbSxuM > Ab9QGh8xHrJE7tqWBU7vobm+/6PbdSygUBaBD1ynkiqBPeMn7bR8680OEki+pW7i > m7DwH4d9vUrJ0Zz26wZ+N/UAiiwK8nhcDU77b7SjazIQ6SyvlF8Zrl+OHNlBVAI3 > zdWkqb56kjGVJDy3rFw5bjpsk2lz4PyM6pSnbRJFFzOFSCTE3OhTs/cJcgxYsdWW > /Qc3MJ8D3ovsp4eci1BCdD8BsGqi/yvC4FXz5cKfObZWOUEKo+CNDQdb4+5NLt1D > Mqd95itjOBir3mW5XLESciaXktvDqBjZ8zB1kGmyxUQcYKiBdyU= > =uFug > -----END PGP SIGNATURE-----
__ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
