Hi All,
PgBouncer 1.24.1 was just released and it contains a security fix for
CVE-2025-2291 [0],[1]. I've updated the Debian package with this new
version. The pytest suite is failing on jengus for oracular and plucky.
I am able to run the pytest suite successfully for oracular and plucky
locally using sbuild. One difference between my local system and jengus
is that I do not have the PGDG apt repo added in my chroots. This makes
me think the issue may be related to a particular version of postgres. I
also noticed that pgbouncer does not have a pgversions file.
I will spend some more time tomorrow looking at this but I wanted to let
the list know about the new upstream version. I also wanted to ask if
anyone knows which versions of PostgreSQL PgBouncer supports; I tried
quickly scanning the GitHub and documentation website but did not see
that mentioned anywhere.
Thanks,
-- Bradford
[0]: https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_1_24_1
[1]: https://nvd.nist.gov/vuln/detail/CVE-2025-2291