Package: golang-github-jackc-pgx-v4-dev Version: 4.18.1-2 Severity: normal Version 4.18.3 is available upstream.
It seems that this version (4.18.1-2) matches the upstream 4.18.2 which fixed a couple of CVEs. Unfortunately if I configure my system to depend on 4.18.1 so that it builds on Debian it may, or may not, include those security fixes in the build. -- System Information: Debian Release: forky/sid APT prefers unstable APT policy: (750, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.18.5+deb14-amd64 (SMP w/24 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages golang-github-jackc-pgx-v4-dev depends on: ii golang-github-go-kit-log-dev 0.2.1-1 ii golang-github-inconshreveable-log15-dev 2.15-2 ii golang-github-jackc-pgconn-dev 1.14.0-1 ii golang-github-jackc-pgtype-dev 1.10.0-4 ii golang-github-jackc-puddle-dev 1.3.0-1 ii golang-github-rs-zerolog-dev 1.29.1-1 ii golang-github-sirupsen-logrus-dev 1.9.3-1 ii golang-go.uber-zap-dev 1.27.0-1 ii golang-golang-x-crypto-dev 1:0.45.0-1 ii golang-golang-x-text-dev 0.31.0-1 golang-github-jackc-pgx-v4-dev recommends no packages. golang-github-jackc-pgx-v4-dev suggests no packages. -- no debconf information -- ---------------------------------------------------------------------- Porirua, New Zealand +64 (27) 288 6741 Q: What is the sound of one cat napping? A: Mu. ----------------------------------------------------------------------
