Your message dated Wed, 18 Mar 2026 15:04:11 +0000
with message-id <[email protected]>
and subject line Bug#1131154: fixed in golang-github-jackc-pgconn 1.14.3-1~exp0
has caused the Debian Bug report #1131154,
regarding golang-github-jackc-pgconn: pgx SQL Injection via Protocol Message
Size Overflow CVE-2024-27304
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1131154: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131154
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: golang-github-jackc-pgconn
Version: 1.14.0-1
X-Debbugs-CC: [email protected]
Tags: security
This is a bug to track the security vulnerability CVE-2024-27304
described here:
https://github.com/advisories/GHSA-mrww-27vc-gghv
Uploading the new version requires fixing golang-github-jackc-pgproto3
first, and they broke the ABI so a transition is required too. I only
plan to fix this for sid.
/Simon
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: golang-github-jackc-pgconn
Source-Version: 1.14.3-1~exp0
Done: Simon Josefsson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
golang-github-jackc-pgconn, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon Josefsson <[email protected]> (supplier of updated
golang-github-jackc-pgconn package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 18 Mar 2026 10:51:45 +0100
Source: golang-github-jackc-pgconn
Architecture: source
Version: 1.14.3-1~exp0
Distribution: experimental
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Simon Josefsson <[email protected]>
Closes: 1131154
Changes:
golang-github-jackc-pgconn (1.14.3-1~exp0) experimental; urgency=medium
.
* Team upload
* New upstream version
- Fixes CVE-2024-27304 (Closes: 1131154)
* Drop Priority: optional
* Standards-Version: 4.7.3
* Drop Rules-Requires-Root: no
* Bump pgproto3>=2.3.3
* Bump debian/* copyright years
* Use gbp sign-tags and upstream-vcs-tag
* Use watch v5
* Re-enable some tests
Checksums-Sha1:
bf76696fcde35bb9ed80024a4cccedead4114114 2980
golang-github-jackc-pgconn_1.14.3-1~exp0.dsc
47a9cab0047a22c3334dc5669889d4c7ade1150f 54564
golang-github-jackc-pgconn_1.14.3.orig.tar.xz
e882725c06ff77bfafa8b5008ecf5a9ae45b6265 2784
golang-github-jackc-pgconn_1.14.3-1~exp0.debian.tar.xz
6a011660e630b98f922f470320518caca22dcfd0 150580
golang-github-jackc-pgconn_1.14.3-1~exp0.git.tar.xz
bf56a7b21deca6e8b5a9ba5aeb9fcf7b71d421b6 17396
golang-github-jackc-pgconn_1.14.3-1~exp0_source.buildinfo
Checksums-Sha256:
9b6b431dcdc1e9f97ea7b5fc7f0df4c9aa42f611ee1d047710920c993e35c2ed 2980
golang-github-jackc-pgconn_1.14.3-1~exp0.dsc
90d893262a87b27e7da34841e4de4b071d6afe931cfd3307a6fecf8e9cca2ea6 54564
golang-github-jackc-pgconn_1.14.3.orig.tar.xz
3c42f5189e2b17aeea4759e866916e9814e2417e9251b0461504d89da0bcfc72 2784
golang-github-jackc-pgconn_1.14.3-1~exp0.debian.tar.xz
8ac07b2d8c06d5e45773dd7c14b425922364d016d0e5be4abeaf40a1d4c221a7 150580
golang-github-jackc-pgconn_1.14.3-1~exp0.git.tar.xz
296a46481c0e6f4c38ae0b7acc150e0298369e79e1fc5f6bf5181c124a833b18 17396
golang-github-jackc-pgconn_1.14.3-1~exp0_source.buildinfo
Files:
cabfc0c980c8d985c5229375e7167c7f 2980 golang optional
golang-github-jackc-pgconn_1.14.3-1~exp0.dsc
80439e65425d0cc14939db9fbc29a5dc 54564 golang optional
golang-github-jackc-pgconn_1.14.3.orig.tar.xz
3b7b86281b4a7a4751846e644df676bb 2784 golang optional
golang-github-jackc-pgconn_1.14.3-1~exp0.debian.tar.xz
e733864f7f0fe9c1d716cfa04b48f6dd 150580 golang None
golang-github-jackc-pgconn_1.14.3-1~exp0.git.tar.xz
27b03872dd58d56941f125c9784fee9c 17396 golang optional
golang-github-jackc-pgconn_1.14.3-1~exp0_source.buildinfo
Git-Tag-Info: tag=77c1ef579ff96b9877091a8914ba199e86e9f965
fp=a3cc9c870b9d310abad4cf2f51722b08fe4745a2
Git-Tag-Tagger: Simon Josefsson <[email protected]>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmm6vHoACgkQYG0ITkaD
wHkW4w/+Lv5BnRds2kBv21IIGc4u0nmuYv9TBDHD3YvLz61xPGzdW87l+3RB4VmF
N9tVCFBnljQ7nOAZNL2oMdnnGJGuzkN5pWUjzWoX+8yG5qrwZK0J4PTJPi22SGE/
R8ZSjyj6b/ujrwTpdIQHcRTEQRQUB1EpZSUNrlLaljjTA1tBQUe1vWwRPeQcWfPV
FQl0tifNiy2icN1fsdtwzr9L8thdU16PGOFRtwvZ/i5trZRhgwgMqNpUVjXoobTb
9XAN2BW57llZwAsa8NKzL+3t3n/T41IjYLwWCX9wDcqavoncdmYwS/z7TVaNL68F
7lQ6qtPOQ3b0+obbOkpT99LquuPfWZbHrU4FAhZgxPMvdA6Li4wJ3VRcaQweS3sW
tuzj6GrP3zSAzM7GG7SDVrsPWywuhk73btdz97FOjZQ62TgOGigdEMGW+Ep3Kkki
emM0W5i6Qcd8LJ1zZLqD/ExuIpqi05wuF6lEB38GP0JcVaFT5xi45DcGTAS/wR7Z
aL6D3NibKWEt3QcTORkLqG0BNQ2zENKAQf+VUUgh6CsDBTMyx8mWk3Cmz3xAN7Vg
lB8GRO38qWxSsNdByCiVlI4RoWpaMSBH3eY6gAAsN4k99xF48+QIwmjks2EeGyCZ
QWW5hmIYsj49j/ANY8zPLh62uhmc4TnEYb8Q58kakXfMKtleaDU=
=XIBG
-----END PGP SIGNATURE-----
pgpKSqgucmAWb.pgp
Description: PGP signature
--- End Message ---
