[Pkg-postgresql-public] postgresql-9.1/wheezy
Christoph Berg
myon at debian.org
Thu Feb 5 15:51:09 UTC 2015
Hi security team,
I've just uploaded postgresql-9.1 9.1.15-0+deb7u1 to security-master.
The changelog is:
postgresql-9.1 (9.1.15-0+deb7u1) wheezy-security; urgency=medium

  * New upstream release.
    + Fix buffer overruns in to_char() (CVE-2015-0241)
    + Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243)
    + Fix possible loss of frontend/backend protocol synchronization after an
      error (CVE-2015-0244)
    + Fix information leak via constraint-violation error messages
      (CVE-2014-8161)

 -- Christoph Berg <christoph.berg at credativ.de>  Thu, 05 Feb 2015 15:42:54 +0100
A longer explanation of the CVEs is at:
http://www.postgresql.org/docs/9.1/static/release-9-1-15.html
Note that the CVEs I didn't mention in the Debian changelog are not
applicable to us (we aren't running on Windows).
Please issue a DSA for this. If I can be of any help, ping me on IRC
or by mail.
Christoph
--
cb at df7cb.de | http://www.df7cb.de/