Accepted postgresql-9.6 9.6.22-0+deb9u1 (source) into oldstable

To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
Subject: Accepted postgresql-9.6 9.6.22-0+deb9u1 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 13 May 2021 13:20:12 +0000
Message-id: <[🔎] E1lhBG8-0001Bu-Pc@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 12 May 2021 16:53:28 +0200
Source: postgresql-9.6
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.6 postgresql-9.6-dbg postgresql-client-9.6 postgresql-server-dev-9.6 postgresql-doc-9.6 postgresql-contrib-9.6 postgresql-plperl-9.6 postgresql-plpython-9.6 postgresql-plpython3-9.6 postgresql-pltcl-9.6
Architecture: source
Version: 9.6.22-0+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.6
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.6 - object-relational SQL database, version 9.6 server
 postgresql-9.6-dbg - debug symbols for postgresql-9.6
 postgresql-client-9.6 - front-end programs for PostgreSQL 9.6
 postgresql-contrib-9.6 - additional facilities for PostgreSQL
 postgresql-doc-9.6 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.6 - PL/Perl procedural language for PostgreSQL 9.6
 postgresql-plpython-9.6 - PL/Python procedural language for PostgreSQL 9.6
 postgresql-plpython3-9.6 - PL/Python 3 procedural language for PostgreSQL 9.6
 postgresql-pltcl-9.6 - PL/Tcl procedural language for PostgreSQL 9.6
 postgresql-server-dev-9.6 - development files for PostgreSQL 9.6 server-side programming
Changes:
 postgresql-9.6 (9.6.22-0+deb9u1) stretch-security; urgency=medium
 .
   * New upstream version.
 .
     + Prevent integer overflows in array subscripting calculations (Tom Lane)
 .
       The array code previously did not complain about cases where an array's
       lower bound plus length overflows an integer.  This resulted in later
       entries in the array becoming inaccessible (since their subscripts could
       not be written as integers), but more importantly it confused subsequent
       assignment operations.  This could lead to memory overwrites, with
       ensuing crashes or unwanted data modifications. (CVE-2021-32027)
 .
     + Fix mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE
       target lists (Tom Lane)
 .
       If the UPDATE list contains any multi-column sub-selects (which give
       rise to junk columns in addition to the results proper), the UPDATE path
       would end up storing tuples that include the values of the extra junk
       columns. That's fairly harmless in the short run, but if new columns are
       added to the table then the values would become accessible, possibly
       leading to malfunctions if they don't match the datatypes of the added
       columns.
 .
       In addition, in versions supporting cross-partition updates, a
       cross-partition update triggered by such a case had the reverse problem:
       the junk columns were removed from the target list, typically causing an
       immediate crash due to malfunction of the multi-column sub-select
       mechanism. (CVE-2021-32028)
Checksums-Sha1:
 0221bec6cfbc94ca62d1e9bf4fed46a505074c86 3698 postgresql-9.6_9.6.22-0+deb9u1.dsc
 e56f90d8c25443d61c09226c011ae53eaff58bd8 19003741 postgresql-9.6_9.6.22.orig.tar.bz2
 ad980e177da07c3715c90ccddf4abd9391251d1a 31704 postgresql-9.6_9.6.22-0+deb9u1.debian.tar.xz
Checksums-Sha256:
 c69b4176119c6c0007fd9a03c984c306650c0e4068c5d873112c53e6984e56df 3698 postgresql-9.6_9.6.22-0+deb9u1.dsc
 3d32cd101025a0556813397c69feff3df3d63736adb8adeaf365c522f39f2930 19003741 postgresql-9.6_9.6.22.orig.tar.bz2
 2ec62b227070c70fadeb47f1ff4309c9fb888960fff182de2cf85057063e24f3 31704 postgresql-9.6_9.6.22-0+deb9u1.debian.tar.xz
Files:
 72b22e94e6cbc8030360881186aeb550 3698 database optional postgresql-9.6_9.6.22-0+deb9u1.dsc
 f4aca4bd2f0541fb5612f9c8cabaa242 19003741 database optional postgresql-9.6_9.6.22.orig.tar.bz2
 dafa954d7815394262ed9695e3af10af 31704 database optional postgresql-9.6_9.6.22-0+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmCc6DcACgkQTFprqxLS
p64oUg/9FLe1/UzrRSIm8LaJXuWns2NNJYPWYbDtOYHyAw52XrgsXBhR6mCdYm5a
9nazCqEBMlXV8YGtLRZZWvS4JW7C+NqYyA7NNX+6r3Ox/9/La4nBpzRPb8PFL9Ue
biP/hlBl5QuUWGDUcIBgDqNlf+ZuKawaulsiECgtIcFpY0VPsW5pDirVeL+p9wlA
GOAug9TzEu8/h52zleG+SCHXTTdAOBFy+4nsA5+ox69zFGCWWohM8zMlZr8FMP8U
B6mhWhtD3EVPHnEUQMkWfCqMFiFjs1Y0VYKodQ0IrFjgD4MdV3//QjHaRiM40eqC
qcSdcf2h7oTx8G6kluhiws7gRMXkmhhZsKlVPIsKH6vgBTuoj+Cg1XU++52D99O4
xz3cfUvy4AzDYq08hOtncv83YrwQr3gkWdsoRaWzYS3n4OiFI3K2pLDmifQDI91C
VFLPJK2nGJfAPplTQ9U6bE+ioPrhjmo+uVX/BfnHThucGKyRz7d5jcHlzj6r/pHT
hJCQqVQx1MDaWyVqwUK5eHXWxbrETffoC3hj21rPub5odajIf577HNZ0bvonMOYB
MAsT9TU9hDMRS2Pk4VjXtB8CIat18BSBn7MEcY1JhywXrHNAukED8a6mDT54H4Kq
KF3VvJZYQl66zBu30P5mDsY6cyxU0L9AT3W21geJbnqPVCylTQU=
=3qBK
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted graphviz 2.38.0-17+deb9u1 (source amd64 all) into oldstable
Next by Date: Accepted libgetdata 0.9.4-1+deb9u1 (source) into oldstable
Previous by thread: Accepted graphviz 2.38.0-17+deb9u1 (source amd64 all) into oldstable
Next by thread: Accepted libgetdata 0.9.4-1+deb9u1 (source) into oldstable
Index(es):
- Date
- Thread