libpgjava (42.7.7-1)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/java-team/libpostgresql-jdbc-java.git
-
- Branch: master
- Path: debian/changelog
- Repo size: 3362816
- Browser: https://salsa.debian.org/java-team/libpostgresql-jdbc-java
- Last scan: 2025-07-14 12:51:07+00
- Next scan: 2025-07-21 13:17:00+00
- CI pipeline status: success
- Debian changelog in Git:
libpgjava (42.7.7-1) unstable; urgency=medium
* New upstream version 42.7.7.
Fixes CVE-2025-49146: When the PostgreSQL JDBC driver is configured with
channel binding set to required (default value is prefer), the driver
would incorrectly allow connections to proceed with authentication methods
that do not support channel binding (such as password, MD5, GSS, or SSPI
authentication). This could allow a man-in-the-middle attacker to
intercept connections that users believed were protected by channel
binding requirements.
-- Christoph Berg <myon@debian.org> Fri, 13 Jun 2025 15:26:53 +0200
- This branch is even with tag debian/42.7.7-1