[Pkg-postgresql-public] postgresql-9.1_9.1.5-1_amd64.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Aug 17 22:36:35 UTC 2012
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 17 Aug 2012 14:41:52 +0200
Source: postgresql-9.1
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1 postgresql-server-dev-9.1 postgresql-doc-9.1 postgresql-contrib-9.1 postgresql-plperl-9.1 postgresql-plpython-9.1 postgresql-plpython3-9.1 postgresql-pltcl-9.1
Architecture: source amd64 all
Version: 9.1.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt at debian.org>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 9.1
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql-9.1 - object-relational SQL database, version 9.1 server
postgresql-9.1-dbg - debug symbols for postgresql-9.1
postgresql-client-9.1 - front-end programs for PostgreSQL 9.1
postgresql-contrib-9.1 - additional facilities for PostgreSQL
postgresql-doc-9.1 - documentation for the PostgreSQL database management system
postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
postgresql-plpython-9.1 - PL/Python procedural language for PostgreSQL 9.1
postgresql-plpython3-9.1 - PL/Python 3 procedural language for PostgreSQL 9.1
postgresql-pltcl-9.1 - PL/Tcl procedural language for PostgreSQL 9.1
postgresql-server-dev-9.1 - development files for PostgreSQL 9.1 server-side programming
Changes:
postgresql-9.1 (9.1.5-1) unstable; urgency=medium
.
* Urgency medium due to security fixes and bug fixes which should reach
Wheezy quickly.
* New upstream bug fix/security release:
- Prevent access to external files/URLs via XML entity references.
xml_parse() would attempt to fetch external files or URLs as needed
to resolve DTD and entity references in an XML value, thus allowing
unprivileged database users to attempt to fetch data with the
privileges of the database server. While the external data wouldn't
get returned directly to the user, portions of it could be exposed
in error messages if the data didn't parse as valid XML; and in any
case the mere ability to check existence of a file might be useful
to an attacker. (CVE-2012-3489)
- Prevent access to external files/URLs via "contrib/xml2"'s
xslt_process().
libxslt offers the ability to read and write both files and URLs
through stylesheet commands, thus allowing unprivileged database
users to both read and write data with the privileges of the
database server. Disable that through proper use of libxslt's
security options. (CVE-2012-3488)
Also, remove xslt_process()'s ability to fetch documents and
stylesheets from external files/URLs. While this was a documented
"feature", it was long regarded as a bad idea. The fix for
CVE-2012-3489 broke that capability, and rather than expend effort
on trying to fix it, we're just going to summarily remove it.
- Lots of other bug fixes, see HISTORY/changelog.gz.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
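
The policy the changelog describes for CVE-2012-3489 (never fetch external files or URLs while resolving DTD and entity references) can be illustrated with Python's expat binding. This is an added example, not PostgreSQL's or Debian's code; `parse_untrusted_xml`, `ExternalReferenceRefused` and the three sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat

# Constructed sample documents (no real hosts or paths).
INTERNAL_OK = '<!DOCTYPE d [<!ENTITY a "hi">]><d>&a;</d>'
EXTERNAL_DTD = '<!DOCTYPE d SYSTEM "http://example.invalid/d.dtd"><d/>'
EXTERNAL_ENTITY = ('<!DOCTYPE d [<!ENTITY x SYSTEM "file:///nonexistent/constructed">]>'
                   '<d>&x;</d>')

class ExternalReferenceRefused(Exception):
    """The document asked the parser to load an external resource."""

def parse_untrusted_xml(text):
    """Parse XML without resolving external DTDs or entities.

    Returns (element_names, declared_external_ids). Raises
    ExternalReferenceRefused if an external entity is actually referenced.
    """
    elements, declared = [], []
    parser = expat.ParserCreate()
    # Never load an external DTD subset or external parameter entities.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None:
            declared.append(system_id)      # recorded for audit, never fetched

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:
            declared.append(system_id)

    def on_external_ref(context, base, system_id, public_id):
        # expat does no I/O itself; this handler is the only place a fetch
        # could happen. Returning 0 makes expat abort the parse.
        return 0

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    refused = expat.errors.codes[expat.errors.XML_ERROR_EXTERNAL_ENTITY_HANDLING]
    try:
        parser.Parse(text, True)
    except expat.ExpatError as exc:
        if exc.code == refused:
            # Fixed message: nothing from the target resource can leak
            # through the error text.
            raise ExternalReferenceRefused("external entity reference refused") from None
        raise
    return elements, declared
```

The external DTD case parses successfully because the system identifier is only recorded, not dereferenced; the external entity case is rejected at the point of reference with an error that carries no data from the named resource.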