Your message dated Sat, 22 Jun 2019 08:24:23 +0200
with message-id <54cdb497-2146-1ab2-1461-bc4b8c9241d0@debian.org>
and subject line Re: Bug#930799: unblock: postgresql-11/11.4-1
has caused the Debian Bug report #930799,
regarding unblock: postgresql-11/11.4-1
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
930799: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930799
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: postgresql-11/11.4-1
- From: Christoph Berg <myon@debian.org>
- Date: Thu, 20 Jun 2019 22:00:49 +0200
- Message-id: <20190620200049.GA6692@msg.df7cb.de>
- Mail-followup-to: Christoph Berg <myon@debian.org>, Debian Bug Tracking System <submit@bugs.debian.org>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package postgresql-11. The new version fixes CVE-2019-10164. debian/* diff: diff --git a/debian/changelog b/debian/changelog index d9bedcb..2f7e899 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,23 @@ +postgresql-11 (11.4-1) unstable; urgency=medium + + * New upstream version. + + Fix buffer-overflow hazards in SCRAM verifier parsing + (Jonathan Katz, Heikki Linnakangas, Michael Paquier) + + Any authenticated user could cause a stack-based buffer overflow by + changing their own password to a purpose-crafted value. In addition to + the ability to crash the PostgreSQL server, this could suffice for + executing arbitrary code as the PostgreSQL operating system account. + + A similar overflow hazard existed in libpq, which could allow a rogue + server to crash a client or perhaps execute arbitrary code as the + client's operating system account. + + The PostgreSQL Project thanks Alexander Lakhin for reporting this + problem. (CVE-2019-10164) + + -- Christoph Berg <myon@debian.org> Tue, 18 Jun 2019 11:03:14 +0200 + postgresql-11 (11.3-1) unstable; urgency=medium * New upstream version. unblock postgresql-11/11.4-1 Christoph
--- End Message ---
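Review bot: urgency=medium on the new 11.4-1 header line sits oddly with the text of the same entry, which describes a stack-based buffer overflow that any authenticated user can trigger by changing their own password and that could suffice for executing arbitrary code as the PostgreSQL operating system account (CVE-2019-10164). Consider urgency=high, or state in the entry why medium is enough. Note also that only the debian/* diff is shown, so the upstream change to SCRAM verifier parsing that the entry refers to cannot be reviewed from this hunk.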
--- Begin Message ---
- To: Christoph Berg <myon@debian.org>, 930799-done@bugs.debian.org
- Subject: Re: Bug#930799: unblock: postgresql-11/11.4-1
- From: Paul Gevers <elbrus@debian.org>
- Date: Sat, 22 Jun 2019 08:24:23 +0200
- Message-id: <54cdb497-2146-1ab2-1461-bc4b8c9241d0@debian.org>
- In-reply-to: <20190620200049.GA6692@msg.df7cb.de>
- References: <20190620200049.GA6692@msg.df7cb.de>
Hi Christoph,

On 20-06-2019 22:00, Christoph Berg wrote:
> unblock postgresql-11/11.4-1

Unblocked, thanks.

Paul
--- End Message ---