Bug#801317: wheezy-pu: package postgresql-9.1/9.1.19-0+deb7u1
Control: tags -1 + moreinfo
On Thu, 2015-10-08 at 17:21 +0200, Christoph Berg wrote:
> postgresql-9.1 (9.1.19-0+deb7u1) wheezy; urgency=medium
>
> * New upstream version.
>
> + Fix contrib/pgcrypto to detect and report too-short crypt() salts
> (Josh Kupershmidt)
>
> Certain invalid salt arguments crashed the server or disclosed a few
> bytes of server memory. We have not ruled out the viability of attacks
> that arrange for presence of confidential information in the disclosed
> bytes, but they seem unlikely. (CVE-2015-5288)
This appears to have been rejected by dak:
adsb@franck:~$ cat queue/reject/postgresql-9.1_9.1.19-0+deb7u1_source.changes.reason
postgresql-9.1_9.1.19-0+deb7u1.dsc: Refers to non-existing file 'postgresql-9.1_9.1.19-0+deb7u1.debian.tar.gz'
Perhaps you need to include the file in your upload?
Regards,
Adam
Reply to: