
Accepted postgresql-9.6 9.6.24-0+deb9u1 (source) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 12 Nov 2021 08:56:48 +0100
Source: postgresql-9.6
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.6 postgresql-9.6-dbg postgresql-client-9.6 postgresql-server-dev-9.6 postgresql-doc-9.6 postgresql-contrib-9.6 postgresql-plperl-9.6 postgresql-plpython-9.6 postgresql-plpython3-9.6 postgresql-pltcl-9.6
Architecture: source
Version: 9.6.24-0+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.6
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.6 - object-relational SQL database, version 9.6 server
 postgresql-9.6-dbg - debug symbols for postgresql-9.6
 postgresql-client-9.6 - front-end programs for PostgreSQL 9.6
 postgresql-contrib-9.6 - additional facilities for PostgreSQL
 postgresql-doc-9.6 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.6 - PL/Perl procedural language for PostgreSQL 9.6
 postgresql-plpython-9.6 - PL/Python procedural language for PostgreSQL 9.6
 postgresql-plpython3-9.6 - PL/Python 3 procedural language for PostgreSQL 9.6
 postgresql-pltcl-9.6 - PL/Tcl procedural language for PostgreSQL 9.6
 postgresql-server-dev-9.6 - development files for PostgreSQL 9.6 server-side programming
Changes:
 postgresql-9.6 (9.6.24-0+deb9u1) stretch-security; urgency=medium
 .
   * New upstream release.
 .
     + Make the server and libpq reject extraneous data after an SSL or GSS
       encryption handshake (Tom Lane)
 .
       A man-in-the-middle with the ability to inject data into the TCP
       connection could stuff some cleartext data into the start of a
       supposedly encryption-protected database session.
 .
       This could be abused to send faked SQL commands to the server, although
       that would only work if the server did not demand any authentication
       data.  (However, a server relying on SSL certificate authentication
       might well not do so.) (CVE-2021-23214)
 .
       This could probably be abused to inject faked responses to the client's
       first few queries, although other details of libpq's behavior make that
       harder than it sounds.  A different line of attack is to exfiltrate the
       client's password, or other sensitive data that might be sent early in
       the session.  That has been shown to be possible with a server
       vulnerable to CVE-2021-23214. (CVE-2021-23222)
 .
       The PostgreSQL Project thanks Jacob Champion for reporting these
       problems.
Checksums-Sha1:
 b77b0b454e43be85c1d8854523992ecef0301ebe 3698 postgresql-9.6_9.6.24-0+deb9u1.dsc
 4a329b3bc5e88dccd37cf75955b6f7d5786890af 19047518 postgresql-9.6_9.6.24.orig.tar.bz2
 8b92f1c5ff1ad828e444f514aedd106e186d4ec9 32204 postgresql-9.6_9.6.24-0+deb9u1.debian.tar.xz
Checksums-Sha256:
 5988758af14615a894d06843538e78aac2ce5c0727a7007de3b6c57e856f68df 3698 postgresql-9.6_9.6.24-0+deb9u1.dsc
 aeb7a196be3ebed1a7476ef565f39722187c108dd47da7489be9c4fcae982ace 19047518 postgresql-9.6_9.6.24.orig.tar.bz2
 c2952906f297b67d401cd782a821b64af139941801b77abcf1f7c3fce5876977 32204 postgresql-9.6_9.6.24-0+deb9u1.debian.tar.xz
Files:
 900e4fa1481fe205321a530bd979b59f 3698 database optional postgresql-9.6_9.6.24-0+deb9u1.dsc
 132c726216a0e4b8540fcf974d25dc06 19047518 database optional postgresql-9.6_9.6.24.orig.tar.bz2
 d5bb8dbe15c717e6a45ac3482cf15031 32204 database optional postgresql-9.6_9.6.24-0+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
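
The changelog entry above says the server and libpq now reject extraneous data after an SSL or GSS encryption handshake. The following simplified model of that check is an added example, not PostgreSQL's code or part of the original message. The struct, function and array names are hypothetical; the 8-byte SSLRequest layout and its request code come from the PostgreSQL wire protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SSL_REQUEST_LEN  8u
#define SSL_REQUEST_CODE 80877103u /* (1234 << 16) | 5679: SSLRequest code */

/* Hypothetical receive buffer: bytes already read from the socket in cleartext. */
struct rxbuf { const uint8_t *data; size_t len, cursor; };
enum verdict { PROCEED_TLS, NOT_SSL_REQUEST, REJECT_EXTRA_DATA };
size_t last_leftover; /* unread bytes left in the buffer after the last run_case() */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Consume an SSLRequest. With strict set, refuse to start TLS while unread
 * bytes remain: they arrived unencrypted and must not be parsed later as if
 * they belonged to the protected session. strict == 0 models the old behaviour. */
enum verdict handle_ssl_request(struct rxbuf *rx, int strict) {
    if (rx->len - rx->cursor < SSL_REQUEST_LEN) return NOT_SSL_REQUEST;
    const uint8_t *p = rx->data + rx->cursor;
    if (be32(p) != SSL_REQUEST_LEN || be32(p + 4) != SSL_REQUEST_CODE)
        return NOT_SSL_REQUEST;
    rx->cursor += SSL_REQUEST_LEN;
    if (strict && rx->cursor != rx->len) return REJECT_EXTRA_DATA;
    return PROCEED_TLS;
}

/* Constructed inputs: a bare SSLRequest, and one followed by 4 placeholder bytes. */
const uint8_t CLEAN[]   = {0, 0, 0, 8, 0x04, 0xD2, 0x16, 0x2F};
const uint8_t STUFFED[] = {0, 0, 0, 8, 0x04, 0xD2, 0x16, 0x2F, 'X', 'X', 'X', 'X'};

/* Run one buffer through the check and record how many bytes stayed unread. */
enum verdict run_case(const uint8_t *buf, size_t n, int strict) {
    struct rxbuf rx = { buf, n, 0 };
    enum verdict v = handle_ssl_request(&rx, strict);
    last_leftover = rx.len - rx.cursor;
    return v;
}

int main(void) {
    enum verdict v = run_case(CLEAN, sizeof CLEAN, 1);
    printf("clean, strict:   verdict %d\n", v);
    v = run_case(STUFFED, sizeof STUFFED, 0);
    printf("stuffed, lax:    verdict %d, %zu cleartext bytes still buffered\n", v, last_leftover);
    v = run_case(STUFFED, sizeof STUFFED, 1);
    printf("stuffed, strict: verdict %d\n", v);
    return 0;
}
```

In the lax case the four trailing bytes stay in the buffer while the handshake proceeds, which is the condition the update closes by rejecting the connection instead.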

