[Pkg-postgresql-public] postgresql-9.1_9.1.16-0+deb8u1_amd64.changes ACCEPTED into proposed-updates->stable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri May 22 16:24:27 UTC 2015 

Mapping stable-security to proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 21 May 2015 15:56:32 +0200
Source: postgresql-9.1
Binary: postgresql-plperl-9.1
Architecture: source amd64
Version: 9.1.16-0+deb8u1
Distribution: stable-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg at credativ.de>
Description:
 postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
Changes:
 postgresql-9.1 (9.1.16-0+deb8u1) stable-security; urgency=medium
 .
   * New upstream version, relevant PL/Perl change:
 .
     + Improve detection of system-call failures (Noah Misch)
 .
       Our replacement implementation of snprintf() failed to check for errors
       reported by the underlying system library calls; the main case that
       might be missed is out-of-memory situations. In the worst case this
       might lead to information exposure, due to our code assuming that a
       buffer had been overwritten when it hadn't been. Also, there were a few
       places in which security-relevant calls of other system library
       functions did not check for failure.
 .
       It remains possible that some calls of the *printf() family of functions
       are vulnerable to information disclosure if an out-of-memory error
       occurs at just the wrong time.  We judge the risk to not be large, but
       will continue analysis in this area. (CVE-2015-3166)
 .
   * Repository moved to git, update Vcs headers.
Checksums-Sha1:
 e70f1caa6c68ebeb9d85d56895144035ec3b3c03 2271 postgresql-9.1_9.1.16-0+deb8u1.dsc
 e6cdb1494cc90ede8c0a19ac2ea1c14dbf36d404 15814306 postgresql-9.1_9.1.16.orig.tar.bz2
 aa5e3c3d9967d809bc89024be8a65ae1851da749 35248 postgresql-9.1_9.1.16-0+deb8u1.debian.tar.xz
 35ed30e196d7125a86ebfacbb46d3f17caa6fde0 73278 postgresql-plperl-9.1_9.1.16-0+deb8u1_amd64.deb
Checksums-Sha256:
 5a8cc29ef6c448bb3fa143044783d2516ff0ce8a11ee00b0497af083dcbe9d99 2271 postgresql-9.1_9.1.16-0+deb8u1.dsc
 2b65e2f7d6171107b96d3e92f42b869ec21f3b4e920d8941e511111372909456 15814306 postgresql-9.1_9.1.16.orig.tar.bz2
 52f3b23471bd4d761e537b658c06b0086e4593e6eedc432fd9dc6bea06775c1e 35248 postgresql-9.1_9.1.16-0+deb8u1.debian.tar.xz
 1785f860bdc5f8ea9885a1a8bc3ac67f7b1173446f2dfcbcaf5c6729019f8802 73278 postgresql-plperl-9.1_9.1.16-0+deb8u1_amd64.deb
Files:
 107a08972b48fb68571525d5e09aa3c3 2271 database optional postgresql-9.1_9.1.16-0+deb8u1.dsc
 db77f7ca6123ec6b71fee983a896a24b 15814306 database optional postgresql-9.1_9.1.16.orig.tar.bz2
 3afcd1f06de1ca17518b544f50a617ac 35248 database optional postgresql-9.1_9.1.16-0+deb8u1.debian.tar.xz
 c3ba516fb8467f58c5fc7088a8b9ed7c 73278 database optional postgresql-plperl-9.1_9.1.16-0+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVXeXNAAoJEExaa6sS0qeuDAcP/2gkZnQddj5OApczDYsSKLMX
YAj2FFAcsAxEdpMxZ6o0Kdor0T7v6mBKhKsvhRABQII4LL7rlSrGU4s3hhrao3Yj
6rbyhhRcRdwYY98Vl1NxiU0RoBsNy1bdXcYK5MlXrSzA9JybIu3liCRwGblBWHQk
VcNwgII7boJ/xQAm20bAyVnnZBwob1YCYMrwzLeqjSomzcbu+JHRurHiU7iprfzy
cbBtOnEsbNsRuVKcT5C3E6gegFBbKS+8nkVvX2vVLUaNdcIJJS0dVm+6eWhuGZUD
rPhEPsBV44YOQlub+qjxFkaI81M71FKX/551+sxexXQiZ0ECmraW8Ce9SQqlpfgv
IPy8Y0UxGBmNsK4nKXfXo+3c/EXPVXf/qEEUNQmvbl4Dmhp0LuqdWqgN3+gihj4B
RQqJQjWOTzLivAO3Mh/RtksH/iYfYXAc5+SPfJ56RBxMji17HDkBmALM5kg7VnE3
MIuwSYVfmYzdZzEy5FI93sMD9LIE9jqP7zoMGvT9U/cUlzZkll7BDgeZ1yCvyD+b
FprrgG/zpfqf9dBk5kldwYt/EaYq0VqFFMFT5ujP1FhSSInNxrOxUQpCsycvaBSd
eYJD25qmbbv4lFbb8YNORTS+l2PQAhWSDqLpNBDUqyhiXB7+ufOrfKgP145wxXx5
wWHJdocu0cSiTDrwbDSH
=a0S8
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.

More information about the Pkg-postgresql-public mailing list