Thank you for your contribution to Debian.
Accepted:

Format: 1.8
Date: Wed, 29 Apr 2026 11:08:43 +0200
Source: libpgjava
Architecture: source
Version: 42.7.11-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: Christoph Berg <[email protected]>
Changes:
 libpgjava (42.7.11-1) unstable; urgency=medium
 .
   * New upstream version 42.7.11.
   * Limit SCRAM PBKDF2 iterations accepted from the server.
     pgjdbc was vulnerable to a client-side denial of service in
     SCRAM-SHA-256 authentication, where a malicious or compromised
     PostgreSQL server could specify an extremely large PBKDF2 iteration
     count, causing the client to consume unbounded CPU and potentially
     exhaust connection pools. The fix introduces a new scramMaxIterations
     connection property (defaulting to 100,000) to cap iteration counts
     before computation begins. (CVE-2026-42198)
Checksums-Sha1:
 c3820a390027c9c8cea6dfee674b2266326f48f9 2426 libpgjava_42.7.11-1.dsc
 2eaf56e603341e2c83b9ea3f232b6aa41563e0ca 1081223 libpgjava_42.7.11.orig.tar.gz
 efbd6ded05d7a18142493d55246e5b7280d0a6dc 10952 libpgjava_42.7.11-1.debian.tar.xz
Checksums-Sha256:
 47afe2e57ba554a1d7478209ae1faf9adf841c7db71d92fa63253c9dad49c884 2426 libpgjava_42.7.11-1.dsc
 fe160f3ab61e486e071f7cc53131998613c81d032c73be72208a99d2f63220ff 1081223 libpgjava_42.7.11.orig.tar.gz
 adbfc94a76f81c1c76e20035e071e40dc8876d7c677c0b17dc966d3f37f35f76 10952 libpgjava_42.7.11-1.debian.tar.xz
Files:
 9130d1f2f91b1ec3ff5a4b2cb7e192f8 2426 java optional libpgjava_42.7.11-1.dsc
 102767da3052d6d803f1b6f7260aa6e4 1081223 java optional libpgjava_42.7.11.orig.tar.gz
 994baff7a237ad0076e37939a5561a2f 10952 java optional libpgjava_42.7.11-1.debian.tar.xz
This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
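
The check described in the changelog entry above, as an added sketch that is not pgjdbc's or Debian's code: a SCRAM-SHA-256 client parses the server-first-message and compares the server-supplied iteration count to a cap before running PBKDF2. The function names, the exception class and the sample messages are constructed for this illustration, and SASLprep normalization of the password is left out.

```python
import base64
import hashlib

# Cap from the changelog entry: scramMaxIterations defaults to 100,000.
MAX_ITERATIONS = 100_000

# Constructed sample messages in RFC 5802 server-first-message layout.
_SALT = base64.b64encode(b"constructed-salt").decode()
SERVER_FIRST_OK = f"r=clientnonce.servernonce,s={_SALT},i=4096"
SERVER_FIRST_HOSTILE = f"r=clientnonce.servernonce,s={_SALT},i=2000000000"


class IterationLimitExceeded(ValueError):
    """The server asked for more PBKDF2 iterations than the client allows."""


def parse_server_first(message):
    """Return (nonce, salt, iterations) from 'r=<nonce>,s=<salt>,i=<count>'."""
    # Split on the first '=' only, because base64 salts end in '=' padding.
    attrs = dict(part.split("=", 1) for part in message.split(","))
    missing = {"r", "s", "i"} - attrs.keys()
    if missing:
        raise ValueError(f"missing SCRAM attributes: {sorted(missing)}")
    count = attrs["i"]
    if not (count.isascii() and count.isdigit()) or int(count) < 1:
        raise ValueError("iteration count must be a positive decimal integer")
    salt = base64.b64decode(attrs["s"], validate=True)
    return attrs["r"], salt, int(count)


def salted_password(password, server_first, max_iterations=MAX_ITERATIONS):
    """Derive the SCRAM SaltedPassword, refusing oversized iteration counts."""
    _nonce, salt, iterations = parse_server_first(server_first)
    # The count is server-controlled, so compare it to the cap before any
    # key derivation work starts.
    if iterations > max_iterations:
        raise IterationLimitExceeded(
            f"server requested {iterations} iterations, cap is {max_iterations}")
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


if __name__ == "__main__":
    print(salted_password(b"constructed-password", SERVER_FIRST_OK).hex())
    try:
        salted_password(b"constructed-password", SERVER_FIRST_HOSTILE)
    except IterationLimitExceeded as exc:
        print("rejected:", exc)
```

Because the comparison happens before `hashlib.pbkdf2_hmac` is called, the hostile message costs the client only a string parse.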
