[Pkg-postgresql-public] postgresql-8.4_8.4.22lts2-0+deb6u1_amd64.changes ACCEPTED into squeeze-lts

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri May 22 13:05:16 UTC 2015



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 19 May 2015 21:39:55 +0200
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source all amd64
Version: 8.4.22lts2-0+deb6u1
Distribution: squeeze-lts
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
Changed-By: Christoph Berg <myon at debian.org>
Description: 
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Changes: 
 postgresql-8.4 (8.4.22lts2-0+deb6u1) squeeze-lts; urgency=medium
 .
   * New LTS version.
 .
     + Avoid possible crash when client disconnects just before the
       authentication timeout expires (Benkocs Norbert Attila)
 .
       If the timeout interrupt fired partway through the session shutdown
       sequence, SSL-related state would be freed twice, typically causing a
       crash and hence denial of service to other sessions.  Experimentation
       shows that an unauthenticated remote attacker could trigger the bug
       somewhat consistently, hence treat as security issue. (CVE-2015-3165)
 .
     + Improve detection of system-call failures (Noah Misch)
 .
       Our replacement implementation of snprintf() failed to check for errors
       reported by the underlying system library calls; the main case that
       might be missed is out-of-memory situations. In the worst case this
       might lead to information exposure, due to our code assuming that a
       buffer had been overwritten when it hadn't been. Also, there were a few
       places in which security-relevant calls of other system library
       functions did not check for failure.
 .
       It remains possible that some calls of the *printf() family of functions
       are vulnerable to information disclosure if an out-of-memory error
       occurs at just the wrong time.  We judge the risk to not be large, but
       will continue analysis in this area. (CVE-2015-3166)
 .
     + In contrib/pgcrypto, uniformly report decryption failures as Wrong key
       or corrupt data (Noah Misch)
 .
       Previously, some cases of decryption with an incorrect key could report
       other error message texts.  It has been shown that such variance in
       error reports can aid attackers in recovering keys from other systems.
       While it's unknown whether pgcrypto's specific behaviors are likewise
       exploitable, it seems better to avoid the risk by using a
       one-size-fits-all message. (CVE-2015-3167)
 .
   * Repository moved to git, update Vcs headers.
Checksums-Sha1: 
 6f9ed3f65aff2b9552600b539da483a36b94037e 3374 postgresql-8.4_8.4.22lts2-0+deb6u1.dsc
 1d99714bf1528207b6e1953069ecaff8e14ce7a4 18410805 postgresql-8.4_8.4.22lts2.orig.tar.gz
 97d7fb7f67d5bd06255176f22df1f756dd27d88e 61622 postgresql-8.4_8.4.22lts2-0+deb6u1.diff.gz
 11a9f5c4c220b270bfc1caebe397f50924870146 2241086 postgresql-doc-8.4_8.4.22lts2-0+deb6u1_all.deb
 407c3875bbc53deda071fb8f00bac60aa42e4f77 36500 postgresql_8.4.22lts2-0+deb6u1_all.deb
 cf1f9e27ab0944781da036479072f4a3acd4c146 36470 postgresql-client_8.4.22lts2-0+deb6u1_all.deb
 f64b3603985430b4ee01d8a0b8b876178b7dcfa7 36310 postgresql-doc_8.4.22lts2-0+deb6u1_all.deb
 de2fb8d1719c41f028c1bc287cc8b5714832b3f0 36370 postgresql-contrib_8.4.22lts2-0+deb6u1_all.deb
 96e208810f0b054583dbc8be2bfe94fb62697ce9 628814 libpq-dev_8.4.22lts2-0+deb6u1_amd64.deb
 fe934f8a734c934f6b26ac7348f0b50be3a6396f 360742 libpq5_8.4.22lts2-0+deb6u1_amd64.deb
 419c7cbcce16a348575cbf79cf4705de1d0689e4 160942 libecpg6_8.4.22lts2-0+deb6u1_amd64.deb
 384f504e8d77534aa2092d7e2c0b682b95c44779 517782 libecpg-dev_8.4.22lts2-0+deb6u1_amd64.deb
 f8915fb19f30c6454b624090218eb8659caea952 54890 libecpg-compat3_8.4.22lts2-0+deb6u1_amd64.deb
 2d083d2fda4e5407cd4abce12e2dcf57cd46d204 108094 libpgtypes3_8.4.22lts2-0+deb6u1_amd64.deb
 aaf5fe2fb41c34a8fa638c1d59486d9fecec2f56 10372342 postgresql-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 2ea4bda85117236e604f27a86dfd025bfbd50d2e 2235578 postgresql-client-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 3423f917b41afb6243bd2ccea548ae85ff590b8b 708880 postgresql-server-dev-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 8d6021247e5533814ee754dc2f5c92800d1cdc4e 1337570 postgresql-contrib-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 3fae62e4cd51c996a95880df60171e73577ef583 153756 postgresql-plperl-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 c3c905a7f8de2ab3242ed1d2596e155b7fb3ed81 118044 postgresql-plpython-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 be4fdef2f25c4c8976e4e03c1fd4357187998740 89958 postgresql-pltcl-8.4_8.4.22lts2-0+deb6u1_amd64.deb
Checksums-Sha256: 
 b87a58a8b48cfa2e22263bac7b96921b08b5776a8006d4e2ce196e7e827b5aca 3374 postgresql-8.4_8.4.22lts2-0+deb6u1.dsc
 fb8debf8fdfdb76d99cb49195119d05d5f8d7a7538f9d42c760bbfa581709131 18410805 postgresql-8.4_8.4.22lts2.orig.tar.gz
 912b7f7c1f7f5470d7ab8288b8bda8b6e3ef3e28c31b4e65687d69fa241ed0e2 61622 postgresql-8.4_8.4.22lts2-0+deb6u1.diff.gz
 befc7014a0a2b152e3f76ffb53ac6aeee4f8c2654033dfddec492f9bcc3800bc 2241086 postgresql-doc-8.4_8.4.22lts2-0+deb6u1_all.deb
 514caf645339c5d994f0feeb76f890688b809d49e03f98ccdf3863e22f3f9645 36500 postgresql_8.4.22lts2-0+deb6u1_all.deb
 f4b4000bae4f161e669f4e1707b38362fb7551a47528722cea1876289e2d9242 36470 postgresql-client_8.4.22lts2-0+deb6u1_all.deb
 6592a53537673412a511b26accc2867d9239b9a47f7310275a0453ffbda0a028 36310 postgresql-doc_8.4.22lts2-0+deb6u1_all.deb
 ac951498a452ee145d5436187d36201dc023eb78852b2b851f1c7ce33b38b6c6 36370 postgresql-contrib_8.4.22lts2-0+deb6u1_all.deb
 7ddfce41274482d683b206101b6fee6c22f9f048df44b4381720385e2d054542 628814 libpq-dev_8.4.22lts2-0+deb6u1_amd64.deb
 3b8f8512f4543bcd8f038dfa2ce8623c0715808bbe6e42de58a416ecf59dd9ee 360742 libpq5_8.4.22lts2-0+deb6u1_amd64.deb
 76c255d3b6fc9cbb4f01e39e39def9c9e1f6d59060c66ad7b5e4d85353dd2b16 160942 libecpg6_8.4.22lts2-0+deb6u1_amd64.deb
 1072dacf889b568f141bc828e02b65c8a2cc63c7e2be1ed34a6b8e1958119297 517782 libecpg-dev_8.4.22lts2-0+deb6u1_amd64.deb
 097e9dff7478a211a9ab626259d95e0a78ad2256aeff407dace93c6ef0abad26 54890 libecpg-compat3_8.4.22lts2-0+deb6u1_amd64.deb
 35831c50c5f818bd0a784ebf819c74fadb36d575e67c6cfc654373454fa9d83a 108094 libpgtypes3_8.4.22lts2-0+deb6u1_amd64.deb
 8f2485332fe7fd343e27b25c3622899c1ec33c0c653276a16193ef1e460ce4b3 10372342 postgresql-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 2c90a8596c45922f8c64fce3caf38bc42d832871951d54cafc46a85f588fe030 2235578 postgresql-client-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 deaadc2fe8c9e0be000bcc567c4e77d7ecffa25f96df00993c620470b7725c64 708880 postgresql-server-dev-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 9a6304337469fb0ec859758def49ae315816db5e1acf652e154a309a45bce9f9 1337570 postgresql-contrib-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 a8898c630169429512a647430c99e71b649c82210f0af4005955ec2f28a5f82f 153756 postgresql-plperl-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 5c517246e841154c7819424c31a99b9855858be508b58aadac1fd254d2625df1 118044 postgresql-plpython-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 f9fc4f5f90b911f326e386ce43dcb55f2719450e9c4cb7cdfaa275ebbe0ca717 89958 postgresql-pltcl-8.4_8.4.22lts2-0+deb6u1_amd64.deb
Files: 
 33afdf038141c42d3feb786469c683e9 3374 database optional postgresql-8.4_8.4.22lts2-0+deb6u1.dsc
 80b1251362be004fbb604c7cd5f82c66 18410805 database optional postgresql-8.4_8.4.22lts2.orig.tar.gz
 a2888bfd31ffb64f4bf7df1c90654b66 61622 database optional postgresql-8.4_8.4.22lts2-0+deb6u1.diff.gz
 0323caba8873d47c0e71db890f52b765 2241086 doc optional postgresql-doc-8.4_8.4.22lts2-0+deb6u1_all.deb
 bfdc2dd9a7e92c75a52aadf584c75928 36500 database optional postgresql_8.4.22lts2-0+deb6u1_all.deb
 a01aa5382a0c3d796b33101b68da6387 36470 database optional postgresql-client_8.4.22lts2-0+deb6u1_all.deb
 1b796d1fe91bc4a7dbaeae13fea2a48c 36310 doc optional postgresql-doc_8.4.22lts2-0+deb6u1_all.deb
 ba305da4b2e9b5c3644468b88219efb7 36370 database optional postgresql-contrib_8.4.22lts2-0+deb6u1_all.deb
 0a064ef271a958eaa4660bd492dd004b 628814 libdevel optional libpq-dev_8.4.22lts2-0+deb6u1_amd64.deb
 e46f45b498727227865b7d4aa6b279d8 360742 libs optional libpq5_8.4.22lts2-0+deb6u1_amd64.deb
 795b46479334edc6f2cb7b7ad04858b7 160942 libs optional libecpg6_8.4.22lts2-0+deb6u1_amd64.deb
 8db203e4108f25f499d4ffbc8b49e167 517782 libdevel optional libecpg-dev_8.4.22lts2-0+deb6u1_amd64.deb
 20665b7c8b5c809a713979a43c3b4031 54890 libs optional libecpg-compat3_8.4.22lts2-0+deb6u1_amd64.deb
 9b5ff5c6ba7bda7771d1da0a84b1865e 108094 libs optional libpgtypes3_8.4.22lts2-0+deb6u1_amd64.deb
 1a7bd494d23dbd9a77e13c964d75289f 10372342 database optional postgresql-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 cc2d61e62332885a0034928f7a5a65c2 2235578 database optional postgresql-client-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 20207f0883a713126fc0526869d4b38f 708880 libdevel optional postgresql-server-dev-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 78938c3396ffbb7085dc00e60a39341e 1337570 database optional postgresql-contrib-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 b4ca0d1a167e1ffe99ab2cebc753edf8 153756 database optional postgresql-plperl-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 5cf9906ea2b74a6dead6a444c63ad56e 118044 database optional postgresql-plpython-8.4_8.4.22lts2-0+deb6u1_amd64.deb
 bf64a47a5fd306f638bb3794a31d7670 89958 database optional postgresql-pltcl-8.4_8.4.22lts2-0+deb6u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVXyeqAAoJEExaa6sS0qeuNMcP/RC2cyt7qXBVaQqNNb8Mv205
r1miurZRqo+ctcXDn2Hr2nydNfVRZV/eWJ8gXdOG0ZX/VnCPxT8Mn/Wey/mMWSrU
XS/Lhcl2TLfiW6OPmZXN9+Y3r3feJXW1IoKjNP6PQcOY+yq1su6vF3uYITfQnuzW
MJIZgZBshWBW0raokbMwcG0QI5PWiZq88aeCHaRAhXCvIVFPAj33tCnL5et77t1h
YFqtg31M46n2jpZi03pelJsKTc1PyvID80Si4TdlQcI8Ymfg/Hc9bfy943qO44WM
GEtPf93q2Q9Vpd8IlF7qD/JkadSaB0spWknEHEbnuOREAr4oa8J/oXtZnuUUlHyw
HuKS2dRR2bfh9h8Kmx56YcDVtE6Z+clc7NXkT/cMO7l4c+302DSVO4zCwVd2u++T
SERZCPCZne+QasMRA8WppzxXhGVwzTy+QUYgcFRRpJK6nBqWp+3hBplXCRo/3sZn
0dZc9Er1Ds7jMRQo9696lGk9pCCPDDqbE8D9qPbOHD8kYLeJSOsXdHbfesCpQXHp
MLgxdhZct7i7D4VL7Fl033p/ZEZ2HcdOtIB2U7yleL2Kk/7RkFQ0HXBHA1aOLeqU
HuedWcl6o4bQ+qZbU4jX3OoebSNSbrrHM/uRkRz1YmuMo7htFcFXPSEfylwCWnKv
424/tvs40OFqjsfgELnl
=zt93
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the Pkg-postgresql-public mailing list