Your message dated Fri, 20 Mar 2026 08:36:33 +0000
with message-id <[email protected]>
and subject line Bug#1131154: fixed in golang-github-jackc-pgconn 1.14.3-1
has caused the Debian Bug report #1131154,
regarding golang-github-jackc-pgconn: pgx SQL Injection via Protocol Message
Size Overflow CVE-2024-27304
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1131154: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131154
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: golang-github-jackc-pgconn
Version: 1.14.0-1
X-Debbugs-CC: [email protected]
Tags: security
This is a bug to track the security vulnerability CVE-2024-27304
described here:
https://github.com/advisories/GHSA-mrww-27vc-gghv
Uploading the new version requires fixing golang-github-jackc-pgproto3
first, and they broke the ABI so a transition is required too. I only
plan to fix this for sid.
/Simon
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: golang-github-jackc-pgconn
Source-Version: 1.14.3-1
Done: Simon Josefsson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
golang-github-jackc-pgconn, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon Josefsson <[email protected]> (supplier of updated
golang-github-jackc-pgconn package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 20 Mar 2026 08:30:19 +0100
Source: golang-github-jackc-pgconn
Architecture: source
Version: 1.14.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Simon Josefsson <[email protected]>
Closes: 1131154
Changes:
golang-github-jackc-pgconn (1.14.3-1) unstable; urgency=medium
.
* Team upload
* Upload to unstable
.
golang-github-jackc-pgconn (1.14.3-1~exp0) experimental; urgency=medium
.
* Team upload
* New upstream version
- Fixes CVE-2024-27304 (Closes: 1131154)
* Drop Priority: optional
* Standards-Version: 4.7.3
* Drop Rules-Requires-Root: no
* Bump pgproto3>=2.3.3
* Bump debian/* copyright years
* Use gbp sign-tags and upstream-vcs-tag
* Use watch v5
* Re-enable some tests
Checksums-Sha1:
4aa22985560667803644176e022ee51c0d08da91 2955
golang-github-jackc-pgconn_1.14.3-1.dsc
3efc33dc2ebbaf4b38c7be3175ead49cb25cc3c6 2808
golang-github-jackc-pgconn_1.14.3-1.debian.tar.xz
46053dc3386de88e44d1f44eda1fd28c026d347f 151200
golang-github-jackc-pgconn_1.14.3-1.git.tar.xz
dc870ab203a04fad4b78f7e4421e199921e118a3 17411
golang-github-jackc-pgconn_1.14.3-1_source.buildinfo
Checksums-Sha256:
7c9d08f8e2b901742af1e58bc7144b14ffaab78c2296a6a7d989a56a156b1dfa 2955
golang-github-jackc-pgconn_1.14.3-1.dsc
f5a502dabe8a9c695d23068f38e766dc9cba65d263342884a7c413212baea957 2808
golang-github-jackc-pgconn_1.14.3-1.debian.tar.xz
dc8b192ebe9560ea1ddf97828eadc11b16ce6287ac06f82b422415df068f16a4 151200
golang-github-jackc-pgconn_1.14.3-1.git.tar.xz
b1b4496a0db4076078246463fdf40b4a7ef6fb584e8cda8b2f0e450ce0767112 17411
golang-github-jackc-pgconn_1.14.3-1_source.buildinfo
Files:
6af87831f358bb6dcf717773b101fd09 2955 golang optional
golang-github-jackc-pgconn_1.14.3-1.dsc
b376bbad9ffb285d7ea9e5fba153fc0c 2808 golang optional
golang-github-jackc-pgconn_1.14.3-1.debian.tar.xz
332bf708401b4d74fbbd7b7ed718ea23 151200 golang None
golang-github-jackc-pgconn_1.14.3-1.git.tar.xz
273bc32f8996230d1d0e9cae2a8edc73 17411 golang optional
golang-github-jackc-pgconn_1.14.3-1_source.buildinfo
Git-Tag-Info: tag=6c70d6da5b505bea685bb95fb86212f3f8053ebb
fp=a3cc9c870b9d310abad4cf2f51722b08fe4745a2
Git-Tag-Tagger: Simon Josefsson <[email protected]>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmm8+rIACgkQYG0ITkaD
wHlLnQ/9E3p4Vqond4w1JSjDOMIPBTivEqb4ApJE17C2ZOYqWrx6Kgsi0QO3cMIt
qc6RjS/wKDiQ7+WVyuM75P/jPnNYUsBXZQV5nrOBe1DmZ/0ABQjevEgJxr39a5US
E/SrcjvqTaXHvAwsMWbkP1tYpahxcwGoq/2qSOWH+Xaxaas1OrlrsEPKl97UZWeo
n0wxHboqivAphOsCDXCyF74UaXXfihUZRR7hlUGAEbdLvhl5SdRIxCPh8IdKESuL
HEIRiaQrBIOgckAH8tROGqMCuhcX84qYMZuOsvG5uwbeenT1MZMwGl0D8pCSTNEO
n9faDBRm9ec//ci8B11759oVi1HhzxazMS/jQIWaozpxsWVgoi0ow1OUAdXzPwrd
fetCAEplx1N4x/eUUdxEEINOSImBQiPrr72dv9r7UyDdS838gb2WXeRbDo1NI/GG
3+a+mpl3CcWQ6P0EiMsdgDayx55bqbNqVuHGVo47gy1WlDa8L8+1299QSKAtCX0r
v+X606ct51gjHE7pVUoXXJj1RVpbHP/BlIMM6GzIAN7EVFr3l/I3ZsDnQlerBsYo
pNeeg8RP69gQJ+PJMEXL1pVXMxHAZyvTH74O3/T0H/Afg2laf4U30UmBDSPCYZu+
cGe77nbkrSqHFZOW6DxpcwTu/ClAOlQtCAOFCtvoQsVJZgLiL34=
=qf/r
-----END PGP SIGNATURE-----
pgpjsBluERFqJ.pgp
Description: PGP signature
--- End Message ---
