File _patchinfo of Package patchinfo.42045

<patchinfo incident="42045">
  <issue tracker="cve" id="2025-12765"/>
  <issue tracker="cve" id="2025-12764"/>
  <issue tracker="bnc" id="1253477">VUL-0: CVE-2025-12764: pgadmin4: improper validation of characters in username allows for LDAP injection</issue>
  <issue tracker="bnc" id="1253478">VUL-0: CVE-2025-12765: pgadmin4: insufficient checks in LDAP authentication flow allow for bypass of TLS certificate validation</issue>
  <category>security</category>
  <rating>important</rating>
  <packager>sbradnick</packager>
  <summary>Security update for pgadmin4</summary>
  <description>This update for pgadmin4 fixes the following issues:
 
- CVE-2025-12765: insufficient checks in the LDAP authentication flow allow for a bypass of TLS certificate validation
  that can lead to the theft of bind credentials and the alteration of directory responses (bsc#1253478).
- CVE-2025-12764: improper validation of characters in a username allows for LDAP injections that force the processing
  of unusual amounts of data and lead to a DoS (bsc#1253477).
</description>
</patchinfo>