
Accepted postgresql-8.4 8.4.13-0squeeze1 (source all amd64)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 24 Aug 2012 08:25:46 +0200
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source all amd64
Version: 8.4.13-0squeeze1
Distribution: stable-security
Urgency: low
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Changes: 
 postgresql-8.4 (8.4.13-0squeeze1) stable-security; urgency=low
 .
   * New upstream security/bug fix release:
     - Prevent access to external files/URLs via XML entity references.
       xml_parse() would attempt to fetch external files or URLs as needed
       to resolve DTD and entity references in an XML value, thus allowing
       unprivileged database users to attempt to fetch data with the
       privileges of the database server. While the external data wouldn't
       get returned directly to the user, portions of it could be exposed
       in error messages if the data didn't parse as valid XML; and in any
       case the mere ability to check existence of a file might be useful
       to an attacker. (CVE-2012-3489)
     - Prevent access to external files/URLs via "contrib/xml2"'s
       xslt_process().
       libxslt offers the ability to read and write both files and URLs
       through stylesheet commands, thus allowing unprivileged database
       users to both read and write data with the privileges of the
       database server. Disable that through proper use of libxslt's
       security options. (CVE-2012-3488)
       Also, remove xslt_process()'s ability to fetch documents and
       stylesheets from external files/URLs. While this was a documented
       "feature", it was long regarded as a bad idea. The fix for
       CVE-2012-3489 broke that capability, and rather than expend effort
       on trying to fix it, we're just going to summarily remove it.
     - Prevent too-early recycling of btree index pages.
       When we allowed read-only transactions to skip assigning XIDs, we
       introduced the possibility that a deleted btree page could be
       recycled while a read-only transaction was still in flight to it.
       This would result in incorrect index search results. The
       probability of such an error occurring in the field seems very low
       because of the timing requirements, but nonetheless it should be
       fixed.
     - Fix crash-safety bug with newly-created-or-reset sequences.
       If "ALTER SEQUENCE" was executed on a freshly created or reset
       sequence, and then precisely one nextval() call was made on it, and
       then the server crashed, WAL replay would restore the sequence to a
       state in which it appeared that no nextval() had been done, thus
       allowing the first sequence value to be returned again by the next
       nextval() call. In particular this could manifest for serial
       columns, since creation of a serial column's sequence includes an
       "ALTER SEQUENCE OWNED BY" step.
     - Ensure the "backup_label" file is fsync'd after pg_start_backup().
     - Back-patch 9.1 improvement to compress the fsync request queue.
       This improves performance during checkpoints. The 9.1 change has
       now seen enough field testing to seem safe to back-patch.
     - Only allow autovacuum to be auto-canceled by a directly blocked
       process.
       The original coding could allow inconsistent behavior in some
       cases; in particular, an autovacuum could get canceled after less
       than deadlock_timeout grace period.
     - Improve logging of autovacuum cancels.
     - Fix log collector so that log_truncate_on_rotation works during the
       very first log rotation after server start.
     - Fix WITH attached to a nested set operation
       (UNION/INTERSECT/EXCEPT).
     - Ensure that a whole-row reference to a subquery doesn't include any
       extra GROUP BY or ORDER BY columns.
     - Disallow copying whole-row references in CHECK constraints and
       index definitions during "CREATE TABLE".
       This situation can arise in "CREATE TABLE" with LIKE or INHERITS.
       The copied whole-row variable was incorrectly labeled with the row
       type of the original table not the new one. Rejecting the case
       seems reasonable for LIKE, since the row types might well diverge
       later. For INHERITS we should ideally allow it, with an implicit
       coercion to the parent table's row type; but that will require more
       work than seems safe to back-patch.
     - Fix memory leak in ARRAY(SELECT ...) subqueries.
     - Fix extraction of common prefixes from regular expressions.
       The code could get confused by quantified parenthesized
       subexpressions, such as ^(foo)?bar. This would lead to incorrect
       index optimization of searches for such patterns.
     - Fix bugs with parsing signed "hh":"mm" and "hh":"mm":"ss" fields in
       interval constants.
     - Report errors properly in "contrib/xml2"'s xslt_process().

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----

