[SECURITY] [DLA 2363-1] asyncpg security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-2363-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Utkarsh Gupta
September 03, 2020                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : asyncpg
Version        : 0.8.4-1+deb9u1
CVE ID         : CVE-2020-17446

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger
a crash or execute arbitrary code (on a database client) via a crafted
server response, because of access to an uninitialized pointer in the
array data decoder.

For Debian 9 stretch, this problem has been fixed in version
0.8.4-1+deb9u1.

We recommend that you upgrade your asyncpg packages.

For the detailed security status of asyncpg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/asyncpg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS