[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted postgresql-9.4 9.4.5-0+deb8u1~bpo70+1 (source amd64 all) into wheezy-backports->backports-policy, wheezy-backports

Hash: SHA256

Format: 1.8
Date: Tue, 24 Nov 2015 15:46:13 +0100
Source: postgresql-9.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.4 postgresql-9.4-dbg postgresql-client-9.4 postgresql-server-dev-9.4 postgresql-doc-9.4 postgresql-contrib-9.4 postgresql-plperl-9.4 postgresql-plpython-9.4 postgresql-plpython3-9.4 postgresql-pltcl-9.4
Architecture: source amd64 all
Version: 9.4.5-0+deb8u1~bpo70+1
Distribution: wheezy-backports
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg@credativ.de>
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.4
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.4 - object-relational SQL database, version 9.4 server
 postgresql-9.4-dbg - debug symbols for postgresql-9.4
 postgresql-client-9.4 - front-end programs for PostgreSQL 9.4
 postgresql-contrib-9.4 - additional facilities for PostgreSQL
 postgresql-doc-9.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.4 - PL/Perl procedural language for PostgreSQL 9.4
 postgresql-plpython-9.4 - PL/Python procedural language for PostgreSQL 9.4
 postgresql-plpython3-9.4 - PL/Python 3 procedural language for PostgreSQL 9.4
 postgresql-pltcl-9.4 - PL/Tcl procedural language for PostgreSQL 9.4
 postgresql-server-dev-9.4 - development files for PostgreSQL 9.4 server-side programming
Closes: 706849 749686 750111 750112 756627 757520 760564 762389 763098 764705 786874
 postgresql-9.4 (9.4.5-0+deb8u1~bpo70+1) wheezy-backports; urgency=low
   * Rebuild for wheezy-backports.
 postgresql-9.4 (9.4.5-0+deb8u1) jessie-security; urgency=medium
   * New upstream security release.
     + Guard against stack overflows in json parsing (Oskari Saarenmaa)
       If an application constructs PostgreSQL json or jsonb values from
       arbitrary user input, the application's users can reliably crash the
       PostgreSQL server, causing momentary denial of service.  (CVE-2015-5289)
     + Fix contrib/pgcrypto to detect and report too-short crypt() salts
       (Josh Kupershmidt)
       Certain invalid salt arguments crashed the server or disclosed a few
       bytes of server memory.  We have not ruled out the viability of attacks
       that arrange for presence of confidential information in the disclosed
       bytes, but they seem unlikely.  (CVE-2015-5288)
 postgresql-9.4 (9.4.4-0+deb8u1) jessie; urgency=medium
   * New upstream version.
     + Fix possible failure to recover from an inconsistent database state
     + Fix rare failure to invalidate relation cache init file
 postgresql-9.4 (9.4.3-0+deb8u1) jessie; urgency=medium
   * New upstream version:
     Avoid failures while fsync'ing data directory during crash restart
     (Abhijit Menon-Sen, Tom Lane; Closes: #786874)
 postgresql-9.4 (9.4.2-0+deb8u1) stable-security; urgency=medium
   * New upstream version.
     + Avoid possible crash when client disconnects just before the
       authentication timeout expires (Benkocs Norbert Attila)
       If the timeout interrupt fired partway through the session shutdown
       sequence, SSL-related state would be freed twice, typically causing a
       crash and hence denial of service to other sessions.  Experimentation
       shows that an unauthenticated remote attacker could trigger the bug
       somewhat consistently, hence treat as security issue. (CVE-2015-3165)
     + Improve detection of system-call failures (Noah Misch)
       Our replacement implementation of snprintf() failed to check for errors
       reported by the underlying system library calls; the main case that
       might be missed is out-of-memory situations. In the worst case this
       might lead to information exposure, due to our code assuming that a
       buffer had been overwritten when it hadn't been. Also, there were a few
       places in which security-relevant calls of other system library
       functions did not check for failure.
       It remains possible that some calls of the *printf() family of functions
       are vulnerable to information disclosure if an out-of-memory error
       occurs at just the wrong time.  We judge the risk to not be large, but
       will continue analysis in this area. (CVE-2015-3166)
     + In contrib/pgcrypto, uniformly report decryption failures as Wrong key
       or corrupt data (Noah Misch)
       Previously, some cases of decryption with an incorrect key could report
       other error message texts.  It has been shown that such variance in
       error reports can aid attackers in recovering keys from other systems.
       While it's unknown whether pgcrypto's specific behaviors are likewise
       exploitable, it seems better to avoid the risk by using a
       one-size-fits-all message. (CVE-2015-3167)
     + Protect against wraparound of multixact member IDs
       (Álvaro Herrera, Robert Haas, Thomas Munro)
       Under certain usage patterns, the existing defenses against this might
       be insufficient, allowing pg_multixact/members files to be removed too
       early, resulting in data loss.
       The fix for this includes modifying the server to fail transactions that
       would result in overwriting old multixact member ID data, and improving
       autovacuum to ensure it will act proactively to prevent multixact member
       ID wraparound, as it does for transaction ID wraparound.
   * Repository moved to git, update Vcs headers.
 postgresql-9.4 (9.4.1-1) unstable; urgency=medium
   * New upstream version.
     + libpq5: Name lookups fixed in minimal chroots (Closes: #756627)
     + Fix buffer overruns in to_char() (CVE-2015-0241)
     + Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243)
     + Fix possible loss of frontend/backend protocol synchronization after an
       error (CVE-2015-0244)
     + Fix information leak via constraint-violation error messages
 postgresql-9.4 (9.4.0-1) unstable; urgency=medium
   * 9.4 released.
   * libpq5.symbols: PQhostaddr removed; it was new in 9.4.
 postgresql-9.4 (9.4~rc1-1) unstable; urgency=medium
   * First 9.4 RC release.
   * Update psql call in dump-reload instructions.
   * Reenable 010_pg_basebackup.t tests, fixed upstream.
 postgresql-9.4 (9.4~beta3-3) unstable; urgency=medium
   * Temporarily disable failing test in 010_pg_basebackup.t.
 postgresql-9.4 (9.4~beta3-2) unstable; urgency=medium
   * postgresql-9.4.preinst: Output detailed dump-reload instructions when
     refusing the package upgrade, and also add a NEWS item about it.
     (Closes: #764705)
   * Add libipc-run-perl for the regression tests which otherwise skip large
   * Update Standards-Version.
 postgresql-9.4 (9.4~beta3-1) unstable; urgency=medium
   * New upstream beta version.
     + Catalog version number changed, older 9.4 clusters need to be dumped and
     + Regexp regression fixed. (Closes: #760564)
     + CACHE_LINE_SIZE definition renamed to mitigate conflict on *BSD.
       (Closes: #763098)
   [ Martin Pitt ]
   * Add missing logrotate test dependency.
   [ Christoph Berg ]
   * Set Multi-Arch: foreign in postgresql-client-9.4 and postgresql-doc-9.4.
     (Closes: #757520; do it even on non-multiarch dists, it doesn't hurt.)
   * Fix postgresql_fdw in description, spotted by Zack Weinberg, thanks!
     (Closes: #762389)
 postgresql-9.4 (9.4~beta2-1) unstable; urgency=low
   * New upstream beta version.
     + Secure Unix-domain sockets of temporary postmasters started during make
       check (Noah Misch)
       Any local user able to access the socket file could connect as the
       server's bootstrap superuser, then proceed to execute arbitrary code as
       the operating-system user running the test, as we previously noted in
       CVE-2014-0067. This change defends against that risk by placing the
       server's socket in a temporary, mode 0700 subdirectory of /tmp.
   * postgresql-9.4.preinst: Fail upgrade when upgrading from beta1, the
     catalog version changed. People should dump/remove their old clusters
   * Use util-linux' uuid lib as backend for the uuid-ossp extension
   * Enable sepgsql (--with-selinux). On systems with libselinux1-dev < 2.1.10,
     this is automatically disabled.
   * Revert multiarch for libpq-dev and libecpg-dev. (Closes: #750111, #750112)
   * Remove our pg_regress patches to support --host=/path. Implemented
     upstream as fix for CVE-2014-0067.
   * debian/copyright: Say that there are various copyright holders for the
     contrib modules. (Hello Lintian!)
   * Update Vcs URLs.
 postgresql-9.4 (9.4~beta1-2) experimental; urgency=medium
   * Update watch file for 9.4.
   * Enable multiarch support in libpq and friends. (Closes: #706849)
     Support is automatically disabled when the distribution does not support
   * Stop providing postgresql-dbg in postgresql-9.4-dbg. Its only purpose was
     to conflict with other postgresql-*-dbg packages, and that's no longer
     needed with build-id debug symbols.
   * Skip -pie on 32bit archs for performance and stability reasons.
     Closes: #749686; details at
   * Update contrib copyright statements, and move them to a separate file.
     Thanks to Thorsten Alteholz for reviewing the package.
 postgresql-9.4 (9.4~beta1-1) experimental; urgency=low
   * Update for 9.4. Packaging based on 9.3 branch.
   * Bump to debhelper 9 to get debug symbol files based on build-ids.
 8a4b113d19b9cf083db861a48ec49f94a7ee022d 3417 postgresql-9.4_9.4.5-0+deb8u1~bpo70+1.dsc
 266b8e92cdced161b6a98d4eda0810e4b61fcf49 17660960 postgresql-9.4_9.4.5.orig.tar.bz2
 52a0a03af210908b8204ec905b60aa24e427e5b3 24847 postgresql-9.4_9.4.5-0+deb8u1~bpo70+1.debian.tar.gz
 b5d076e6cf71075157b68b50768483679f837d13 160824 libpq-dev_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 2cfc56aaff240e0bdb3c6383516e4d15b11b8303 122104 libpq5_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 a89519fb363353b6f83dae62ee34f5bd22ab0b38 78692 libecpg6_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 34207121b507017a9c28a0633a016b4038125e17 218242 libecpg-dev_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 49f4f73c0f76dcdaeda9ff99c1ea10681fabea25 14652 libecpg-compat3_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 29836035ddb2b3b65824d00983e83363ca7f20d7 36324 libpgtypes3_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 65b9fbe3745049fd7473e542c7c9fc1098cfebf6 3657650 postgresql-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 50d7308d8544434fdbc3e1e8979ba9ede246b98d 12407872 postgresql-9.4-dbg_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 92921e862bfe832f88fd93eb26b98dd785b25e86 1072670 postgresql-client-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 f4a7462fbc31bf2ed110d3d0ac48b5546d67a293 635426 postgresql-server-dev-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 0e6ad6ab5495f61e025fd9fdf9852af5a166b8f1 1826962 postgresql-doc-9.4_9.4.5-0+deb8u1~bpo70+1_all.deb
 de266cf9324e0726c3a5b2145e236ca79d77cbf8 438004 postgresql-contrib-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 2c98f52c96395939633f9ebe423df2a2a7ad6853 54554 postgresql-plperl-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 702be8cbfda49988c040d4b7cf487971fedd923e 43668 postgresql-plpython-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 e02b3421a50cb4056edd88d6635f16cb7b5182f5 43768 postgresql-plpython3-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 bace2f419106d0a9d29178b7e80dd1686636f6e0 29446 postgresql-pltcl-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 2fd9d56811a45b8d3e7c0bfc7073f56e8c4c4ce5fa5f4346abcfc7fdffe157e1 3417 postgresql-9.4_9.4.5-0+deb8u1~bpo70+1.dsc
 b87c50c66b6ea42a9712b5f6284794fabad0616e6ae420cf0f10523be6d94a39 17660960 postgresql-9.4_9.4.5.orig.tar.bz2
 a62e1c0b4f7fd7b3aa9efc2fc02fa14fed579fc443d698e8c6764c060c1f4360 24847 postgresql-9.4_9.4.5-0+deb8u1~bpo70+1.debian.tar.gz
 0ab7c8003af5be9452c81e67fa51731205503117e4098d6ff37ede9657af8d4b 160824 libpq-dev_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 1d0657f7f98cf8f127b9c9b8125a89fe0ed5a94a235a1b6e93e51490fd380c5f 122104 libpq5_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 9095680817633caf8835e1eb2ada58ceff350d8236bad851a1154a8a857f34b5 78692 libecpg6_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 2fcdbef3ad5ce9380602835759687c6d931b1c57feadf83c8666390a9bba67db 218242 libecpg-dev_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 e58f0c108e1e1560118369beedcc949eb965cdf5ebfb3452efd963fbf18ae68e 14652 libecpg-compat3_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 62a761048b8b2dae74494687dab9b93e5ea3da54d3b46fbc6408c5a84f44fc39 36324 libpgtypes3_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 0befda642884b00878d0298bc731b1e2fb8e63680f3a1cac04084967bc848c6e 3657650 postgresql-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 784f44515f97712b2e3cac0fe3ccdba77aac0d5c9186e0165707290faaabbbf5 12407872 postgresql-9.4-dbg_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 e05cdfe1c3c90d7c1e4e21518e7ab3495ca26ab957f1c42f562e13e640b8e88a 1072670 postgresql-client-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 b7d90a15f44f27caf461cdbf4f270cf197650c27bae1ec3076b2778179c78189 635426 postgresql-server-dev-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 01edbf1aa4aa67d2525e347776dfe26e529773df6ddc4ab68e534c942fb2ddea 1826962 postgresql-doc-9.4_9.4.5-0+deb8u1~bpo70+1_all.deb
 1470f4d8c54062c9c1d78f366b32e9074d086f6c132bfcbbad292a9297850cd7 438004 postgresql-contrib-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 95c98d5663631125ed33fef5e8416092ef137d9dea3c0fb77517dd725af68b6b 54554 postgresql-plperl-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 42879502b39cc61599f1999510f8102ad05d9ebca054602b8b69280ce620902a 43668 postgresql-plpython-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 f120e368257f048df17caa050973efe8bcb10556a2e51b7015ed35f9168d3c42 43768 postgresql-plpython3-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 f92bd38b0ef775200a4a3ad3e5eedd451ed0dc6e074eb901260d8ff5144f1da0 29446 postgresql-pltcl-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 0bdb680820a15a4730ab274bf079839d 3417 database optional postgresql-9.4_9.4.5-0+deb8u1~bpo70+1.dsc
 8b2e3472a8dc786649b4d02d02e039a0 17660960 database optional postgresql-9.4_9.4.5.orig.tar.bz2
 d2bc658dfb91c30985e9c630cfe75049 24847 database optional postgresql-9.4_9.4.5-0+deb8u1~bpo70+1.debian.tar.gz
 b2cc095a0aa6630f53d84e343cdb6ab7 160824 libdevel optional libpq-dev_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 4976e41aef6c0ca3aae1b5a3787566df 122104 libs optional libpq5_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 acaeb18e18e01ca4d9db8b8b79dd5121 78692 libs optional libecpg6_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 83498454840cfccd17e5e5983c43617b 218242 libdevel optional libecpg-dev_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 0d1abb87d7753da17203f07f6440010a 14652 libs optional libecpg-compat3_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 81f09f5e826075ef1f4afc166c8443a2 36324 libs optional libpgtypes3_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 681cbc65be45866b4a4515a19e41bba9 3657650 database optional postgresql-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 ce7e31551042a9455c58a5c5bf3a56c8 12407872 debug extra postgresql-9.4-dbg_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 df93389dfe548e728c2b8d4bc752f2e0 1072670 database optional postgresql-client-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 357aecf7f0350804bf43ca0b7e26384a 635426 libdevel optional postgresql-server-dev-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 e13b0fce251cb95c1ba203dea3795da6 1826962 doc optional postgresql-doc-9.4_9.4.5-0+deb8u1~bpo70+1_all.deb
 211c238f7f9b7ad089e04e3772f03e1b 438004 database optional postgresql-contrib-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 39b9a3c68f4c980aecb04de76fd64acf 54554 database optional postgresql-plperl-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 cabf27310e2279f7df47e3c9e0cc3287 43668 database optional postgresql-plpython-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 3b4d9d221cb615cc857a6117b1e820bd 43768 database optional postgresql-plpython3-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb
 fce11983ade0c8623dc36af9f23418ab 29446 database optional postgresql-pltcl-9.4_9.4.5-0+deb8u1~bpo70+1_amd64.deb

Version: GnuPG v1


Reply to: