golang-github-jackc-pgx (4.18.1-2) unstable; urgency=medium

  * Team upload.
  * Create a new git branch to fix CVEs during soft freeze.
  * Add two patches from upstream
    - CVE-2024-27289
      pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2,
      SQL injection can occur when all of the following conditions are met:
      the non-default simple protocol is used; a placeholder for a numeric
      value must be immediately preceded by a minus; there must be a second
      placeholder for a string value after the first placeholder; both must
      be on the same line; and both parameter values must be user-controlled.
      The problem is resolved in v4.18.2. As a workaround, do not use the
      simple protocol or do not place a minus directly before a placeholder.
      Closes: #1065686
    - CVE-2024-27304
      pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur
      if an attacker can cause a single query or bind message to exceed 4 GB
      in size. An integer overflow in the calculated message size can cause
      the one large message to be sent as multiple messages under the
      attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a
      workaround, reject user input large enough to cause a single query or
      bind message to exceed 4 GB in size.
      Closes: #1065687

 -- Dr. Tobias Quathamer  Wed, 23 Apr 2025 11:04:24 +0200

golang-github-jackc-pgx (4.18.1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 4.18.1
  * Reorder fields in debian/control and debian/copyright
  * Change Section from devel to golang
  * Use dh-sequence-golang instead of dh-golang and --with=golang
  * Update versioned dependencies as per go.mod
  * Remove unused "DH_GOLANG_INSTALL_EXTRA := $(wildcard *.example)"
    as upstream no longer comes with *.example files
  * Set debian-branch to debian/sid for DEP-14 conformance

 -- Anthony Fok  Mon, 26 Feb 2024 19:29:39 -0700

golang-github-jackc-pgx (4.15.0-4) unstable; urgency=medium

  * Source only upload for migration to testing

 -- Pirate Praveen  Mon, 18 Apr 2022 13:14:43 +0530

golang-github-jackc-pgx (4.15.0-3) unstable; urgency=medium

  * Binary included upload to break circular dependency with
    golang-github-jackc-pgtype-dev

 -- Pirate Praveen  Sun, 17 Apr 2022 18:29:54 +0530

golang-github-jackc-pgx (4.15.0-2) unstable; urgency=medium

  * Reupload to unstable
  * Add Breaks: golang-github-jackc-pgtype-dev (<< 1.10.0-3~)

 -- Pirate Praveen  Sat, 16 Apr 2022 14:01:42 +0530

golang-github-jackc-pgx (4.15.0-1) experimental; urgency=medium

  [ Debian Janitor ]
  * Bump debhelper from old 12 to 13.
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.
  * Update standards version to 4.5.1, no changes needed.

  [ Pirate Praveen ]
  * New upstream version 4.15.0
  * Bump Standards-Version to 4.6.0 (no changes needed)
  * Update XS-Go-Import-Path and binary package name to include v4
  * Update dependencies
  * Add myself to uploaders

 -- Pirate Praveen  Fri, 11 Mar 2022 16:21:34 +0530

golang-github-jackc-pgx (3.6.2-2) unstable; urgency=medium

  * Team upload.
  * Rename golang-x-text-dev to golang-golang-x-text-dev

 -- Stephen Gelman  Sun, 02 Aug 2020 19:11:38 -0500

golang-github-jackc-pgx (3.6.2-1) unstable; urgency=medium

  * New upstream release.
  * Standards-Version: 4.5.0.
  * Disabled broken "autopkgtest-pkg-go" test suite.

 -- Dmitry Smirnov  Tue, 04 Feb 2020 15:42:56 +1100

golang-github-jackc-pgx (3.6.1-1) unstable; urgency=medium

  * New upstream release.
  * Standards-Version: 4.4.1.

 -- Dmitry Smirnov  Wed, 15 Jan 2020 20:52:59 +1100

golang-github-jackc-pgx (3.6.0-1) unstable; urgency=medium

  * Initial release (Closes: #945927).

 -- Dmitry Smirnov  Sun, 10 Nov 2019 21:50:20 +1100