CVE-2021-3935 (https://bugzilla.redhat.com/show_bug.cgi?id=2021251): When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. Please bump.
Please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ac0c687c12c442d5bc4948b7b3fab3f54b1f5ef commit 5ac0c687c12c442d5bc4948b7b3fab3f54b1f5ef Author: Patrick Lauer <patrick@gentoo.org> AuthorDate: 2022-08-19 13:33:22 +0000 Commit: Patrick Lauer <patrick@gentoo.org> CommitDate: 2022-08-19 13:33:36 +0000 dev-db/pgbouncer: Remove old Bug: https://bugs.gentoo.org/826614 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Patrick Lauer <patrick@gentoo.org> dev-db/pgbouncer/Manifest | 2 - dev-db/pgbouncer/pgbouncer-1.15.0-r1.ebuild | 81 ----------------------------- dev-db/pgbouncer/pgbouncer-1.16.0.ebuild | 81 ----------------------------- 3 files changed, 164 deletions(-)
