Accepted postgresql-7.4 1:7.4.19-0etch1 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 04 Jan 2008 15:31:29 +0100
Source: postgresql-7.4
Binary: postgresql-plpython-7.4 postgresql-client-7.4 postgresql-7.4 postgresql-contrib-7.4 postgresql-doc-7.4 postgresql-plperl-7.4 postgresql-server-dev-7.4 postgresql-pltcl-7.4
Architecture: source i386 all
Version: 1:7.4.19-0etch1
Distribution: stable-security
Urgency: low
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
postgresql-7.4 - object-relational SQL database, version 7.4 server
postgresql-client-7.4 - front-end programs for PostgreSQL 7.4
postgresql-contrib-7.4 - additional facilities for PostgreSQL
postgresql-doc-7.4 - documentation for the PostgreSQL database management system
postgresql-plperl-7.4 - PL/Perl procedural language for PostgreSQL 7.4
postgresql-plpython-7.4 - PL/Python procedural language for PostgreSQL 7.4
postgresql-pltcl-7.4 - PL/Tcl procedural language for PostgreSQL 7.4
postgresql-server-dev-7.4 - development files for PostgreSQL 7.4 server-side programming
Changes:
postgresql-7.4 (1:7.4.19-0etch1) stable-security; urgency=low
.
* New upstream bugfix release 7.4.18:
- Require non-superusers who use "/contrib/dblink" to use only
password authentication, as a security measure.
[CVE-2007-3278, CVE-2007-3280]
- Make "CREATE DOMAIN ... DEFAULT NULL" work properly.
- Fix excessive logging of SSL error messages.
- Fix crash when log_min_error_statement logging runs out of memory.
- Prevent "CLUSTER" from failing due to attempting to process
temporary tables of other sessions.
* New upstream security/bugfix release 7.4.19:
- Prevent functions in indexes from executing with the privileges of
the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
within a SECURITY DEFINER context. [CVE-2007-6600]
- Suitably crafted regular-expression patterns could cause crashes,
infinite or near-infinite looping, and/or massive memory
consumption, all of which pose denial-of-service hazards for
applications that accept regex search patterns from untrustworthy
sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
- Require non-superusers who use "/contrib/dblink" to use only
password authentication, as a security measure.
The fix that appeared for this in 8.2.5 was incomplete, as it
plugged the hole for only some "dblink" functions. [CVE-2007-6601,
CVE-2007-3278]
- Fix planner failure in some cases of WHERE false AND var IN (SELECT
...).
- Fix potential crash in translate() when using a multibyte database
encoding.
- Fix PL/Python to not crash on long exception messages.
- ecpg parser fixes.
- Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
category in its own right, rather than crashing.
- Fix tsvector and tsquery output routines to escape backslashes
correctly.
- Fix crash of to_tsvector() on huge input strings.
* debian/patches/21_krb5_check_hostname.patch: Adapt to new upstream
release.
Files:
7ee8eddca94332da692274ba8cfe7c32 1126 misc optional postgresql-7.4_7.4.19-0etch1.dsc
b2b5c751263ddbe930f968f27681c862 10031202 misc optional postgresql-7.4_7.4.19.orig.tar.gz
ad11d2450a6067420202adc76be2f3ca 33402 misc optional postgresql-7.4_7.4.19-0etch1.diff.gz
cd876c31c255ffd93961a8b7648fd1ce 1282356 doc optional postgresql-doc-7.4_7.4.19-0etch1_all.deb
a2c72ce7fec9195113d71cda830583b4 525244 libdevel optional postgresql-server-dev-7.4_7.4.19-0etch1_all.deb
5cac69d1baa16515d9bc144400683643 3382724 misc optional postgresql-7.4_7.4.19-0etch1_i386.deb
c5223d3a56a48fb86728a5f0e034e6e4 1110108 misc optional postgresql-client-7.4_7.4.19-0etch1_i386.deb
d0f1dcad3e13a6130cb467116a40ee1b 571698 misc optional postgresql-contrib-7.4_7.4.19-0etch1_i386.deb
812343b3e8d4ffb11584ff8f671d568d 121542 misc optional postgresql-plperl-7.4_7.4.19-0etch1_i386.deb
ed3cc8ed8a76701355a7264dad818f01 123904 misc optional postgresql-plpython-7.4_7.4.19-0etch1_i386.deb
92dd9cd7a1fbbb8656d700723689775d 125898 misc optional postgresql-pltcl-7.4_7.4.19-0etch1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHh5qeDecnbV4Fd/IRAtjGAKDrrtj1QsHT+Sh9t+C209f3W55oqQCfZbeP
Lrup4Dm8TZtX8AE0XKwPoP8=
=SDgT
-----END PGP SIGNATURE-----
Accepted:
postgresql-7.4_7.4.19-0etch1.diff.gz
to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1.diff.gz
postgresql-7.4_7.4.19-0etch1.dsc
to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1.dsc
postgresql-7.4_7.4.19-0etch1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_i386.deb
postgresql-7.4_7.4.19.orig.tar.gz
to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.19.orig.tar.gz
postgresql-client-7.4_7.4.19-0etch1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_i386.deb
postgresql-contrib-7.4_7.4.19-0etch1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_i386.deb
postgresql-doc-7.4_7.4.19-0etch1_all.deb
to pool/main/p/postgresql-7.4/postgresql-doc-7.4_7.4.19-0etch1_all.deb
postgresql-plperl-7.4_7.4.19-0etch1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_i386.deb
postgresql-plpython-7.4_7.4.19-0etch1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_i386.deb
postgresql-pltcl-7.4_7.4.19-0etch1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_i386.deb
postgresql-server-dev-7.4_7.4.19-0etch1_all.deb
to pool/main/p/postgresql-7.4/postgresql-server-dev-7.4_7.4.19-0etch1_all.deb
Reply to: