[Pkg-postgresql-public] postgresql-9.4_9.4.2-0+deb8u1_amd64.changes ACCEPTED into proposed-updates->stable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri May 22 16:24:58 UTC 2015


Mapping stable-security to proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 21 May 2015 15:58:30 +0200
Source: postgresql-9.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.4 postgresql-9.4-dbg postgresql-client-9.4 postgresql-server-dev-9.4 postgresql-doc-9.4 postgresql-contrib-9.4 postgresql-plperl-9.4 postgresql-plpython-9.4 postgresql-plpython3-9.4 postgresql-pltcl-9.4
Architecture: source amd64 all
Version: 9.4.2-0+deb8u1
Distribution: stable-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg at credativ.de>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.4
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.4 - object-relational SQL database, version 9.4 server
 postgresql-9.4-dbg - debug symbols for postgresql-9.4
 postgresql-client-9.4 - front-end programs for PostgreSQL 9.4
 postgresql-contrib-9.4 - additional facilities for PostgreSQL
 postgresql-doc-9.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.4 - PL/Perl procedural language for PostgreSQL 9.4
 postgresql-plpython-9.4 - PL/Python procedural language for PostgreSQL 9.4
 postgresql-plpython3-9.4 - PL/Python 3 procedural language for PostgreSQL 9.4
 postgresql-pltcl-9.4 - PL/Tcl procedural language for PostgreSQL 9.4
 postgresql-server-dev-9.4 - development files for PostgreSQL 9.4 server-side programming
Changes:
 postgresql-9.4 (9.4.2-0+deb8u1) stable-security; urgency=medium
 .
   * New upstream version.
 .
     + Avoid possible crash when client disconnects just before the
       authentication timeout expires (Benkocs Norbert Attila)
 .
       If the timeout interrupt fired partway through the session shutdown
       sequence, SSL-related state would be freed twice, typically causing a
       crash and hence denial of service to other sessions.  Experimentation
       shows that an unauthenticated remote attacker could trigger the bug
       somewhat consistently, hence treat as security issue. (CVE-2015-3165)
 .
     + Improve detection of system-call failures (Noah Misch)
 .
       Our replacement implementation of snprintf() failed to check for errors
       reported by the underlying system library calls; the main case that
       might be missed is out-of-memory situations. In the worst case this
       might lead to information exposure, due to our code assuming that a
       buffer had been overwritten when it hadn't been. Also, there were a few
       places in which security-relevant calls of other system library
       functions did not check for failure.
 .
       It remains possible that some calls of the *printf() family of functions
       are vulnerable to information disclosure if an out-of-memory error
       occurs at just the wrong time.  We judge the risk to not be large, but
       will continue analysis in this area. (CVE-2015-3166)
 .
     + In contrib/pgcrypto, uniformly report decryption failures as Wrong key
       or corrupt data (Noah Misch)
 .
       Previously, some cases of decryption with an incorrect key could report
       other error message texts.  It has been shown that such variance in
       error reports can aid attackers in recovering keys from other systems.
       While it's unknown whether pgcrypto's specific behaviors are likewise
       exploitable, it seems better to avoid the risk by using a
       one-size-fits-all message. (CVE-2015-3167)
 .
     + Protect against wraparound of multixact member IDs
       (Álvaro Herrera, Robert Haas, Thomas Munro)
 .
       Under certain usage patterns, the existing defenses against this might
       be insufficient, allowing pg_multixact/members files to be removed too
       early, resulting in data loss.
       The fix for this includes modifying the server to fail transactions that
       would result in overwriting old multixact member ID data, and improving
       autovacuum to ensure it will act proactively to prevent multixact member
       ID wraparound, as it does for transaction ID wraparound.
 .
   * Repository moved to git, update Vcs headers.



Thank you for your contribution to Debian.
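
The failure mode described in the CVE-2015-3166 changelog entry above (a caller assuming a buffer was overwritten when the formatting call had failed), as an added C example that is not part of the original message and is not PostgreSQL's code. The functions `format_may_fail`, `build_reply_unchecked`, `build_reply_checked` and the `simulate_failure` switch are hypothetical names, and the buffer contents are constructed sample data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical switch: simulates the underlying library call failing
 * (e.g. out of memory) before anything is written to the buffer. */
static int simulate_failure = 0;

/* Hypothetical formatter: returns -1 and leaves buf untouched on failure. */
static int format_may_fail(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (simulate_failure)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Unchecked caller: assumes buf was overwritten with the new message.
 * Returns the number of bytes it would send to the client. */
size_t build_reply_unchecked(char *buf, size_t len, const char *user)
{
    format_may_fail(buf, len, "hello %s", user);  /* result ignored */
    return strlen(buf);
}

/* Checked caller: failure and truncation are errors, and the buffer is
 * wiped so stale contents cannot be sent. Returns -1 on error. */
int build_reply_checked(char *buf, size_t len, const char *user)
{
    int n = format_may_fail(buf, len, "hello %s", user);
    if (n < 0 || (size_t)n >= len) {
        memset(buf, 0, len);
        return -1;
    }
    return n;
}

int main(void)
{
    char buf[32] = "secret-token";  /* constructed stale data */
    simulate_failure = 1;
    printf("unchecked would send %zu stale bytes\n", build_reply_unchecked(buf, sizeof buf, "bob"));
    printf("checked returns %d\n", build_reply_checked(buf, sizeof buf, "bob"));
    return 0;
}
```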


