Bug#930799: unblock: postgresql-11/11.4-1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package postgresql-11. The new version fixes
CVE-2019-10164.
debian/* diff:
diff --git a/debian/changelog b/debian/changelog
index d9bedcb..2f7e899 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+postgresql-11 (11.4-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Fix buffer-overflow hazards in SCRAM verifier parsing
+ (Jonathan Katz, Heikki Linnakangas, Michael Paquier)
+
+ Any authenticated user could cause a stack-based buffer overflow by
+ changing their own password to a purpose-crafted value. In addition to
+ the ability to crash the PostgreSQL server, this could suffice for
+ executing arbitrary code as the PostgreSQL operating system account.
+
+ A similar overflow hazard existed in libpq, which could allow a rogue
+ server to crash a client or perhaps execute arbitrary code as the
+ client's operating system account.
+
+ The PostgreSQL Project thanks Alexander Lakhin for reporting this
+ problem. (CVE-2019-10164)
+
+ -- Christoph Berg <myon@debian.org> Tue, 18 Jun 2019 11:03:14 +0200
+
postgresql-11 (11.3-1) unstable; urgency=medium
* New upstream version.
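Review bot: The header line of the new entry sets urgency=medium, although the entry text describes a stack-based buffer overflow that any authenticated user could trigger and that "could suffice for executing arbitrary code as the PostgreSQL operating system account" (CVE-2019-10164). Consider urgency=high, or say in the request why medium is intended. The entry also lists only the SCRAM verifier fix under "New upstream version". Since only the debian/* diff is shown, a line stating whether 11.4 carries other upstream changes would help the release team assess the unblock.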
unblock postgresql-11/11.4-1
Christoph