[Pkg-postgresql-public] postgresql-9.1/wheezy

Christoph Berg myon at debian.org
Thu Feb 5 15:51:09 UTC 2015

Hi security team,

I've just uploaded postgresql-9.1 9.1.15-0+deb7u1 to security-master.

The changelog is:

postgresql-9.1 (9.1.15-0+deb7u1) wheezy-security; urgency=medium

  * New upstream release.
    + Fix buffer overruns in to_char() (CVE-2015-0241)
    + Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243)
    + Fix possible loss of frontend/backend protocol synchronization after an
      error (CVE-2015-0244)
    + Fix information leak via constraint-violation error messages

 -- Christoph Berg <christoph.berg at credativ.de>  Thu, 05 Feb 2015 15:42:54 +0100

A longer explanation of the CVEs is at:

Note that the CVEs I didn't mention in the Debian changelog are not
applicable to us (we aren't running on Windows).

Please issue a DSA for this. If I can be of any help, ping me on IRC
or by mail.

cb at df7cb.de | http://www.df7cb.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20150205/3b9ddaa3/attachment.sig>

More information about the Pkg-postgresql-public mailing list