Your message dated Sat, 14 Sep 2024 18:00:20 +0000
with message-id <[email protected]>
and subject line Bug#1081659: fixed in pgpool2 4.5.4-1
has caused the Debian Bug report #1081659,
regarding pgpool2: CVE-2024-45624
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1081659: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081659
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pgpool2
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security

Hi,

The following vulnerability was published for pgpool2.

CVE-2024-45624[0]:
| Exposure of sensitive information due to incompatible policies issue
| exists in Pgpool-II. If a database user accesses a query cache,
| table data unauthorized for the user may be retrieved.

https://www.pgpool.net/mediawiki/index.php/Main_Page#Pgpool-II_4.5.4.2C_4.4.9.2C_4.3.12.2C_4.2.19_and_4.1.22_officially_released_.282024.2F09.2F09.29


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-45624
    https://www.cve.org/CVERecord?id=CVE-2024-45624

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: pgpool2
Source-Version: 4.5.4-1
Done: Christoph Berg <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pgpool2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Berg <[email protected]> (supplier of updated pgpool2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 13 Sep 2024 21:54:33 +0200
Source: pgpool2
Binary: libpgpool-dev libpgpool2 libpgpool2-dbgsym pgpool2 pgpool2-dbgsym postgresql-17-pgpool2 postgresql-17-pgpool2-dbgsym
Architecture: source amd64
Version: 4.5.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <[email protected]>
Changed-By: Christoph Berg <[email protected]>
Description:
 libpgpool-dev - pgpool control protocol library - headers
 libpgpool2 - pgpool control protocol library
 pgpool2    - connection pool server and replication proxy for PostgreSQL
 postgresql-17-pgpool2 - connection pool server and replication proxy for PostgreSQL - mod
Closes: 1081659
Changes:
 pgpool2 (4.5.4-1) unstable; urgency=medium
 .
   * New upstream version 4.5.4. (Closes: #1081659)
   * Fixes CVE-2024-45624[0]:
       Exposure of sensitive information due to incompatible policies issue
       exists in Pgpool-II. If a database user accesses a query cache,
       table data unauthorized for the user may be retrieved.
   * Upload for PostgreSQL 17.


--- End Message ---
