Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits: 46b0f68c by Abhijith PA at 2025-06-26T12:06:47+05:30 The channelbinding option was introduced in version 42.7.4 See tag 42.7.4-rc1 https://github.com/pgjdbc/pgjdbc/commit/7a65cf368a935757e5b4d9abed1a3eb7ff1f046e In older versions it is explicitly mentioned that channelbinding is not supported; `.channelBinding(ScramClient.ChannelBinding.NO)` - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4237,6 +4237,8 @@ CVE-2025-49148 (ClipShare is a lightweight and cross-platform tool for clipboard NOT-FOR-US: ClipShare CVE-2025-49146 (pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until ...) - libpgjava 42.7.7-1 (bug #1107696) + [bookworm] - libpgjava <not-affected> (Vulnerable code introduced in 42.7.4) + [bullseye] - libpgjava <not-affected> (Vulnerable code introduced in 42.7.4) NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54 NOTE: Fixed by: https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0 (REL42.7.7-rc1) CVE-2025-48448 (Allocation of Resources Without Limits or Throttling vulnerability in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46b0f68c8e1221d859490ce61a1f2ce02ae1fb59 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46b0f68c8e1221d859490ce61a1f2ce02ae1fb59 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
