Source: pgpool2
Version: 4.6.0-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 4.3.5-1

Hi Christoph,

The following vulnerability was published for pgpool2.

CVE-2025-46801[0]:
| Pgpool-II provided by PgPool Global Development Group contains an
| authentication bypass by primary weakness vulnerability. if the
| vulnerability is exploited, an attacker may be able to log in to the
| system as an arbitrary user, allowing them to read or tamper with
| data in the database, and/or disable the database.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-46801
https://www.cve.org/CVERecord?id=CVE-2025-46801
[1] https://www.pgpool.net/mediawiki/index.php/Main_Page#Pgpool-II_4.6.1.2C_4.5.7.2C_4.4.12.2C_4.3.15_and_4.2.22_officially_released_.282025.2F05.2F15.29_2
[2] https://git.postgresql.org/gitweb/?p=pgpool2.git;a=commit;h=d8e2ace8737f64eee2bf5ca74f6294835fb75ccb

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)