[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

postgresql-9.1_9.1.5-1~bpo60+1_amd64.changes ACCEPTED into squeeze-backports

  to main/p/postgresql-9.1/libecpg-compat3_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/libecpg-dev_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/libecpg6_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/libpgtypes3_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/libpq-dev_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/libpq5_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-9.1-dbg_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-9.1_9.1.5-1~bpo60+1.debian.tar.gz
  to main/p/postgresql-9.1/postgresql-9.1_9.1.5-1~bpo60+1.dsc
  to main/p/postgresql-9.1/postgresql-9.1_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-9.1_9.1.5.orig.tar.bz2
  to main/p/postgresql-9.1/postgresql-client-9.1_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-contrib-9.1_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-doc-9.1_9.1.5-1~bpo60+1_all.deb
  to main/p/postgresql-9.1/postgresql-plperl-9.1_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-plpython-9.1_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-plpython3-9.1_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-pltcl-9.1_9.1.5-1~bpo60+1_amd64.deb
  to main/p/postgresql-9.1/postgresql-server-dev-9.1_9.1.5-1~bpo60+1_amd64.deb

postgresql-9.1 (9.1.5-1~bpo60+1) squeeze-backports; urgency=low
  * Rebuild for squeeze-backports.
postgresql-9.1 (9.1.5-1) unstable; urgency=medium
  * Urgency medium due to security fixes and bug fixes which should reach
    Wheezy quickly.
  * New upstream bug fix/security release:
    - Prevent access to external files/URLs via XML entity references.
      xml_parse() would attempt to fetch external files or URLs as needed
      to resolve DTD and entity references in an XML value, thus allowing
      unprivileged database users to attempt to fetch data with the
      privileges of the database server. While the external data wouldn't
      get returned directly to the user, portions of it could be exposed
      in error messages if the data didn't parse as valid XML; and in any
      case the mere ability to check existence of a file might be useful
      to an attacker. (CVE-2012-3489)
    - Prevent access to external files/URLs via "contrib/xml2"'s
      libxslt offers the ability to read and write both files and URLs
      through stylesheet commands, thus allowing unprivileged database
      users to both read and write data with the privileges of the
      database server. Disable that through proper use of libxslt's
      security options. (CVE-2012-3488)
      Also, remove xslt_process()'s ability to fetch documents and
      stylesheets from external files/URLs. While this was a documented
      "feature", it was long regarded as a bad idea. The fix for
      CVE-2012-3489 broke that capability, and rather than expend effort
      on trying to fix it, we're just going to summarily remove it.
    - Lots of other bug fixes, see HISTORY/changelog.gz.
postgresql-9.1 (9.1.4-3) unstable; urgency=medium
  Urgency medium: Trivial changes, and fixes RC bug.
  [ Christoph Berg ]
  * debian/source/options: Ignore test suite .sql files, to fix building
    twice in a row; ignore .bzr-builddeb/default.conf so bzr checkouts can be
    built using dpkg-buildpackage.
  [ Martin Pitt ]
  * debian/postgresql-9.1.postrm: Do not remove the directories
    /var/{lib,log}/postgresql/, they are owned by the postgresql-common
    package. (Closes: #681966)
postgresql-9.1 (9.1.4-2) unstable; urgency=low
  [ Christoph Berg ]
  * Some cosmetic changes to control and rules file.
  * Add myself to Uploaders.
  [ Martin Pitt ]
  * Move pg_basebackup *.mo files and man page to -client-9.2. Thanks to Peter
    Eisentraut for spotting this. (Closes: #674421)
  * debian/postgresql-9.1.preinst: Remove postmaster.1.gz alternative on
    upgrades to this version, so that the postinst can rebuild it. This is
    necessary to drop pg_basebackup.1.gz from the server alternatives group,
    so that it can go into the client group.
  * debian/postgresql-9.1.preinst: Drop obsolete transition code.
  * debian/rules: Set -DLINUX_OOM_ADJ in CPPFLAGS, not in CFLAGS. Thanks Peter
    Eisentraut. (Closes: #668300)

Override entries for your package:
libecpg-compat3_9.1.5-1~bpo60+1_amd64.deb - optional libs
libecpg-dev_9.1.5-1~bpo60+1_amd64.deb - optional libdevel
libecpg6_9.1.5-1~bpo60+1_amd64.deb - optional libs
libpgtypes3_9.1.5-1~bpo60+1_amd64.deb - optional libs
libpq-dev_9.1.5-1~bpo60+1_amd64.deb - optional libdevel
libpq5_9.1.5-1~bpo60+1_amd64.deb - optional libs
postgresql-9.1-dbg_9.1.5-1~bpo60+1_amd64.deb - extra debug
postgresql-9.1_9.1.5-1~bpo60+1.dsc - source database
postgresql-9.1_9.1.5-1~bpo60+1_amd64.deb - optional database
postgresql-client-9.1_9.1.5-1~bpo60+1_amd64.deb - optional database
postgresql-contrib-9.1_9.1.5-1~bpo60+1_amd64.deb - optional database
postgresql-doc-9.1_9.1.5-1~bpo60+1_all.deb - optional doc
postgresql-plperl-9.1_9.1.5-1~bpo60+1_amd64.deb - optional database
postgresql-plpython-9.1_9.1.5-1~bpo60+1_amd64.deb - optional database
postgresql-plpython3-9.1_9.1.5-1~bpo60+1_amd64.deb - optional database
postgresql-pltcl-9.1_9.1.5-1~bpo60+1_amd64.deb - optional database
postgresql-server-dev-9.1_9.1.5-1~bpo60+1_amd64.deb - optional libdevel

Announcing to debian-backports-changes@lists.debian.org

Thank you for your contribution to backports.debian.org archive.
ibution to backports.debian.org archive.

Reply to: