Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9658e09a by Moritz Mühlenhoff at 2026-05-10T13:10:42+02:00
pgbouncer spu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -138,15 +138,23 @@ CVE-2026-7652 (The LatePoint plugin for WordPress is
vulnerable to Account Takeo
NOT-FOR-US: WordPress plugin
CVE-2026-6667 (PgBouncer before 1.25.2 did not perform an appropriate
authorization c ...)
- pgbouncer 1.25.2-1 (bug #1136075)
+ [trixie] - pgbouncer <no-dsa> (Minor issue)
+ [bookworm] - pgbouncer <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/pgbouncer/pgbouncer/commit/97b5634be55d167a602b0bc0f09a8675997248a6
(pgbouncer_1_25_2)
CVE-2026-6666 (A possible null pointer reference in PgBouncer before 1.25.2
could lea ...)
- pgbouncer 1.25.2-1 (bug #1136075)
+ [trixie] - pgbouncer <no-dsa> (Minor issue)
+ [bookworm] - pgbouncer <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/pgbouncer/pgbouncer/commit/0564f937c0fd81378d67ddcb57b0c00abc0b0f8f
(pgbouncer_1_25_2)
CVE-2026-6665 (The SCRAM code in PgBouncer before 1.25.2 did not check the
return val ...)
- pgbouncer 1.25.2-1 (bug #1136075)
+ [trixie] - pgbouncer <no-dsa> (Minor issue)
+ [bookworm] - pgbouncer <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/pgbouncer/pgbouncer/commit/ab8dbb3b1a73b4a195062546e5e4f964b79f5b45
(pgbouncer_1_25_2)
CVE-2026-6664 (An integer overflow in network packet parsing code in PgBouncer
before ...)
- pgbouncer 1.25.2-1 (bug #1136075)
+ [trixie] - pgbouncer <no-dsa> (Minor issue)
+ [bookworm] - pgbouncer <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/pgbouncer/pgbouncer/commit/ddc63c2175825bca9ef3c0a528280acaad76dbaa
(pgbouncer_1_25_2)
CVE-2026-45130 (Vim is an open source, command line text editor. Prior to
version 9.2. ...)
- vim 2:9.2.0461-1 (bug #1136097)
=====================================
data/next-point-update.txt
=====================================
@@ -474,3 +474,11 @@ CVE-2026-6042
[trixie] - musl 1.2.5-3.1~deb13u1
CVE-2026-40200
[trixie] - musl 1.2.5-3.1~deb13u1
+CVE-2026-6667
+ [trixie] - pgbouncer 1.24.1-1+deb13u2
+CVE-2026-6666
+ [trixie] - pgbouncer 1.24.1-1+deb13u2
+CVE-2026-6665
+ [trixie] - pgbouncer 1.24.1-1+deb13u2
+CVE-2026-6664
+ [trixie] - pgbouncer 1.24.1-1+deb13u2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9658e09af9eb38dafc1c9b832b3ef204005e7591
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9658e09af9eb38dafc1c9b832b3ef204005e7591
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
