pgbouncer (1.16.1-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/postgresql/pgbouncer.git
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Browser: https://salsa.debian.org/postgresql/pgbouncer
Last scan: 2021-11-26 15:32:36+00
Next scan: 2021-12-05 03:03:00+00
CI pipeline status: success

Debian changelog in Git:

pgbouncer (1.16.1-1) unstable; urgency=medium

  * New upstream version.

    Make PgBouncer acting as a server reject extraneous data after an
    SSL or GSS encryption handshake.

    A man-in-the-middle with the ability to inject data into the TCP
    connection could stuff some cleartext data into the start of a
    supposedly encryption-protected database session.  This could be
    abused to send faked SQL commands to the server, although that would
    only work if PgBouncer did not demand any authentication data.
    (However, a PgBouncer setup relying on SSL certificate
    authentication might well not do so.)

    (Similar to CVE-2021-23214 in the PostgreSQL server.)

 -- Christoph Berg <myon@debian.org>  Fri, 26 Nov 2021 11:19:53 +0100

This branch is even with tag debian/1.16.1-1