Bug#930799: marked as done (unblock: postgresql-11/11.4-1)



Your message dated Sat, 22 Jun 2019 08:24:23 +0200
with message-id <54cdb497-2146-1ab2-1461-bc4b8c9241d0@debian.org>
and subject line Re: Bug#930799: unblock: postgresql-11/11.4-1
has caused the Debian Bug report #930799,
regarding unblock: postgresql-11/11.4-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
930799: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930799
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package postgresql-11. The new version fixes
CVE-2019-10164.

debian/* diff:

diff --git a/debian/changelog b/debian/changelog
index d9bedcb..2f7e899 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+postgresql-11 (11.4-1) unstable; urgency=medium
+
+  * New upstream version.
+    + Fix buffer-overflow hazards in SCRAM verifier parsing
+      (Jonathan Katz, Heikki Linnakangas, Michael Paquier)
+
+      Any authenticated user could cause a stack-based buffer overflow by
+      changing their own password to a purpose-crafted value.  In addition to
+      the ability to crash the PostgreSQL server, this could suffice for
+      executing arbitrary code as the PostgreSQL operating system account.
+
+      A similar overflow hazard existed in libpq, which could allow a rogue
+      server to crash a client or perhaps execute arbitrary code as the
+      client's operating system account.
+
+      The PostgreSQL Project thanks Alexander Lakhin for reporting this
+      problem.  (CVE-2019-10164)
+
+ -- Christoph Berg <myon@debian.org>  Tue, 18 Jun 2019 11:03:14 +0200
+
 postgresql-11 (11.3-1) unstable; urgency=medium

   * New upstream version.
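
Review bot: the header line of the new entry sets urgency=medium, while the entry body describes a stack-based buffer overflow that any authenticated user can trigger, with possible arbitrary code execution as the PostgreSQL operating system account (CVE-2019-10164). Consider urgency=high for a fix of this severity, or add a line to the entry explaining why medium is sufficient.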

unblock postgresql-11/11.4-1

Christoph

--- End Message ---
--- Begin Message ---
Hi Christoph,

On 20-06-2019 22:00, Christoph Berg wrote:
> unblock postgresql-11/11.4-1

Unblocked, thanks.

Paul


--- End Message ---