[Pkg-postgresql-public] postgresql-9.1_9.1.16-0+deb7u1_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri May 22 16:51:01 UTC 2015 

Mapping oldstable-security to oldstable-proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 21 May 2015 16:35:28 +0200
Source: postgresql-9.1
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1 postgresql-server-dev-9.1 postgresql-doc-9.1 postgresql-contrib-9.1 postgresql-plperl-9.1 postgresql-plpython-9.1 postgresql-plpython3-9.1 postgresql-pltcl-9.1
Architecture: source amd64 all
Version: 9.1.16-0+deb7u1
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg at credativ.de>
Description: 
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.1
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.1 - object-relational SQL database, version 9.1 server
 postgresql-9.1-dbg - debug symbols for postgresql-9.1
 postgresql-client-9.1 - front-end programs for PostgreSQL 9.1
 postgresql-contrib-9.1 - additional facilities for PostgreSQL
 postgresql-doc-9.1 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
 postgresql-plpython-9.1 - PL/Python procedural language for PostgreSQL 9.1
 postgresql-plpython3-9.1 - PL/Python 3 procedural language for PostgreSQL 9.1
 postgresql-pltcl-9.1 - PL/Tcl procedural language for PostgreSQL 9.1
 postgresql-server-dev-9.1 - development files for PostgreSQL 9.1 server-side programming
Changes: 
 postgresql-9.1 (9.1.16-0+deb7u1) wheezy-security; urgency=medium
 .
   * New upstream version.
 .
     + Avoid possible crash when client disconnects just before the
       authentication timeout expires (Benkocs Norbert Attila)
 .
       If the timeout interrupt fired partway through the session shutdown
       sequence, SSL-related state would be freed twice, typically causing a
       crash and hence denial of service to other sessions.  Experimentation
       shows that an unauthenticated remote attacker could trigger the bug
       somewhat consistently, hence treat as security issue. (CVE-2015-3165)
 .
     + Improve detection of system-call failures (Noah Misch)
 .
       Our replacement implementation of snprintf() failed to check for errors
       reported by the underlying system library calls; the main case that
       might be missed is out-of-memory situations. In the worst case this
       might lead to information exposure, due to our code assuming that a
       buffer had been overwritten when it hadn't been. Also, there were a few
       places in which security-relevant calls of other system library
       functions did not check for failure.
 .
       It remains possible that some calls of the *printf() family of functions
       are vulnerable to information disclosure if an out-of-memory error
       occurs at just the wrong time.  We judge the risk to not be large, but
       will continue analysis in this area. (CVE-2015-3166)
 .
     + In contrib/pgcrypto, uniformly report decryption failures as Wrong key
       or corrupt data (Noah Misch)
 .
       Previously, some cases of decryption with an incorrect key could report
       other error message texts.  It has been shown that such variance in
       error reports can aid attackers in recovering keys from other systems.
       While it's unknown whether pgcrypto's specific behaviors are likewise
       exploitable, it seems better to avoid the risk by using a
       one-size-fits-all message. (CVE-2015-3167)
 .
   * Repository moved to git, update Vcs headers.
Checksums-Sha1: 
 79292c0ffc48c676947cacae4614f93c312adce9 3339 postgresql-9.1_9.1.16-0+deb7u1.dsc
 49597dc03666fb3165093edab13fecb2b919087d 39811 postgresql-9.1_9.1.16-0+deb7u1.debian.tar.gz
 46d2b4f8a9268f75a34ad31fba64fd7ff1c09d7e 193690 libpq-dev_9.1.16-0+deb7u1_amd64.deb
 5c2d88c203fa278f016d8de56d0843190bdef4e1 138276 libpq5_9.1.16-0+deb7u1_amd64.deb
 52eab4590f1110749558c4fba59e497b006299a5 95224 libecpg6_9.1.16-0+deb7u1_amd64.deb
 114c75f86fadbf1027f52750b93c6972de6eda62 226812 libecpg-dev_9.1.16-0+deb7u1_amd64.deb
 fe3827d25750f7368285094ef0f5ec745608756e 32944 libecpg-compat3_9.1.16-0+deb7u1_amd64.deb
 e08b4b05a4638ccdc1b1153c19581335b769125f 54180 libpgtypes3_9.1.16-0+deb7u1_amd64.deb
 4e98250f872f115787dd0e33bfb54e497021b53c 3313604 postgresql-9.1_9.1.16-0+deb7u1_amd64.deb
 ab8438880f09bd0cde9d8ec52a25deafed22a958 6717724 postgresql-9.1-dbg_9.1.16-0+deb7u1_amd64.deb
 367eee3a5320382fb2eb64fb230c7d489b10c9ab 998246 postgresql-client-9.1_9.1.16-0+deb7u1_amd64.deb
 cee9e7c90fff03cdfac40af601c4beb38ff468d0 554956 postgresql-server-dev-9.1_9.1.16-0+deb7u1_amd64.deb
 1b85b9d627b393a2f0a184ea263d0e0fd3b7de5a 1642406 postgresql-doc-9.1_9.1.16-0+deb7u1_all.deb
 29d5e75a986afb756c050b16c786c9e837030fd1 364536 postgresql-contrib-9.1_9.1.16-0+deb7u1_amd64.deb
 ef380fb97503ee4c7fdd3968ea1573a435544d19 73388 postgresql-plperl-9.1_9.1.16-0+deb7u1_amd64.deb
 016fb83afb386e7c9beedd9751a67d268a7b05af 57500 postgresql-plpython-9.1_9.1.16-0+deb7u1_amd64.deb
 5dc0558a6afb373c0ee9045a11929429ad12291c 57222 postgresql-plpython3-9.1_9.1.16-0+deb7u1_amd64.deb
 a03abc2e2a3c91b7938e6114972954dffa003542 47548 postgresql-pltcl-9.1_9.1.16-0+deb7u1_amd64.deb
Checksums-Sha256: 
 ed5d8044e5df2ae1aba0fc8aa55eb700d47fd21d9c7af3ce56e1b3d1fbb64ce7 3339 postgresql-9.1_9.1.16-0+deb7u1.dsc
 bb6f9f73806c074c8195d18d1de18e24be40334c29fb428e884afa7156d0f354 39811 postgresql-9.1_9.1.16-0+deb7u1.debian.tar.gz
 a0032187f954b615eeb3b137105921e96069acc3b6c7c23c3008c12f1f21b7ee 193690 libpq-dev_9.1.16-0+deb7u1_amd64.deb
 dab324f5bf400e64f55a4a62b62b61869a2cc4050eeb9f87bfc44f8c6af27919 138276 libpq5_9.1.16-0+deb7u1_amd64.deb
 ddc5a4df72a0c43ea48cf4c65a32c4d4f6d1fecd0935deaa54d5859417f1eaa1 95224 libecpg6_9.1.16-0+deb7u1_amd64.deb
 b20db5513e88f37374dd41ec36a10852ac92bca8d7399b485e73369bf67d3988 226812 libecpg-dev_9.1.16-0+deb7u1_amd64.deb
 5e4318f108a3ed6f797b69029ab87ac290face0ddd03a6922f72060a4f615fe5 32944 libecpg-compat3_9.1.16-0+deb7u1_amd64.deb
 c0d412ac1e2a5c3d5577c083c624a5c78661ff99f420530c49256984d7397cbc 54180 libpgtypes3_9.1.16-0+deb7u1_amd64.deb
 ffa3d2e4e6e27761642459a8e2d75fe5ef3249e2948036c83235f8cc08cfad2b 3313604 postgresql-9.1_9.1.16-0+deb7u1_amd64.deb
 11b503268f8e18ec7cdec065da927eb32db04086e67b4a050f57d9b018a40447 6717724 postgresql-9.1-dbg_9.1.16-0+deb7u1_amd64.deb
 5be13f04cf82d8214de6b5e5f22c9b0d8c0b52a0990e762b527ca5f2db603dcb 998246 postgresql-client-9.1_9.1.16-0+deb7u1_amd64.deb
 bcfbaba7d595eba09823611ae981b6044832dc72027e8b50ffa75ad02a05d12e 554956 postgresql-server-dev-9.1_9.1.16-0+deb7u1_amd64.deb
 d25f4140914092f136ebd02ec0b7245945f19df355f1770e2cbacbb976c49064 1642406 postgresql-doc-9.1_9.1.16-0+deb7u1_all.deb
 c0021537c2e1af53f3c2eecbc0b6c1167bf0b89359c3e4cbff64f0373581e50b 364536 postgresql-contrib-9.1_9.1.16-0+deb7u1_amd64.deb
 b872a9a8c2eca3634db1f4b81711dba657b74ef014854b07fa8bcb577d88dbcf 73388 postgresql-plperl-9.1_9.1.16-0+deb7u1_amd64.deb
 ae8a9952c18c873547c03d86cf68ee2c3e98d175d28a6dddd44d7992605ffebf 57500 postgresql-plpython-9.1_9.1.16-0+deb7u1_amd64.deb
 53040570f709856f4d3c98789391a9c2331f54270a4676d6fdcb1efbea5700ca 57222 postgresql-plpython3-9.1_9.1.16-0+deb7u1_amd64.deb
 6900b5a25251ae32798ba99d61df99139fa0861734c815149c48d91f625b0cde 47548 postgresql-pltcl-9.1_9.1.16-0+deb7u1_amd64.deb
Files: 
 3365da7cbee4818b56a154001b47c1d9 3339 database optional postgresql-9.1_9.1.16-0+deb7u1.dsc
 23f08be97df25b23cef20a691b3adf34 39811 database optional postgresql-9.1_9.1.16-0+deb7u1.debian.tar.gz
 ff355328a1962b640da062406f5256b2 193690 libdevel optional libpq-dev_9.1.16-0+deb7u1_amd64.deb
 090edb4eef0378cbb9c0c734da9f08a1 138276 libs optional libpq5_9.1.16-0+deb7u1_amd64.deb
 cd7f3998e2ce9b88e46dbf44ceb7580d 95224 libs optional libecpg6_9.1.16-0+deb7u1_amd64.deb
 7465c49b4efc74dde578e6492f38f6c8 226812 libdevel optional libecpg-dev_9.1.16-0+deb7u1_amd64.deb
 8ac276364c103f37b73f86f21297617c 32944 libs optional libecpg-compat3_9.1.16-0+deb7u1_amd64.deb
 7fe7f5b181135a1baa83f54dcbdfe20a 54180 libs optional libpgtypes3_9.1.16-0+deb7u1_amd64.deb
 6f5e7a9a7f6e0049cbf06ab5eaaf1bd8 3313604 database optional postgresql-9.1_9.1.16-0+deb7u1_amd64.deb
 432b86894181b835e729af8e3e4cb4d0 6717724 debug extra postgresql-9.1-dbg_9.1.16-0+deb7u1_amd64.deb
 85585ddb5966929feba7f00d2ca86fe4 998246 database optional postgresql-client-9.1_9.1.16-0+deb7u1_amd64.deb
 b5008d42432f52ca218b598a11320191 554956 libdevel optional postgresql-server-dev-9.1_9.1.16-0+deb7u1_amd64.deb
 16923b5e11ac642933d422dba81293fe 1642406 doc optional postgresql-doc-9.1_9.1.16-0+deb7u1_all.deb
 3b0834c91481b23f0a83c1b3ae776a61 364536 database optional postgresql-contrib-9.1_9.1.16-0+deb7u1_amd64.deb
 13a3cc5be0e3f3f5aac0c8593ac36a38 73388 database optional postgresql-plperl-9.1_9.1.16-0+deb7u1_amd64.deb
 e3a14e72114d61202df88d1105e6154a 57500 database optional postgresql-plpython-9.1_9.1.16-0+deb7u1_amd64.deb
 9914da8798ac1078ec2471b5e53b5dbf 57222 database optional postgresql-plpython3-9.1_9.1.16-0+deb7u1_amd64.deb
 3a4fbb667c0ce72b769e327b9fd448d0 47548 database optional postgresql-pltcl-9.1_9.1.16-0+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVXfG/AAoJEExaa6sS0qeu1B4P/AhRXv8MEHPmTbE/qPhLsxnt
zkGUaHjJEifFKgJ5RCNaRgn9kFsb9Gsyl3hDyqnJk6+CH6PuxEf0zuQ+OuL8+zbI
dkIPAhytZGGHhJsaUoH5P2S9JVoMqtuo2jJMYl0sO5j/BpiewiNnlRv40ciIr9SI
lDbTojBxkXy7Q7xKFhdhs+zCK3RIlF86xqlIe1zGn8mCQrSaBwaGVW6c6AgTvf3c
KIuHVqt0T+1MW+FkCSZr5D+PDsUPSDYBm6GLMvVt9Tf7wm+oG/jeQKPtY3PXI+zU
rmqvUlSo4bwjNPyJ6rFSCw77npgEESvm1/g6csdXO0u+JjyjyPtjyUEh3PMcSjuQ
orb4z5yDojA14AXMW/PMiw5bg4FeFgi88KdjG1xYVdsM/fJjkWEvYH0ZQs+dHYzt
/JAYeP87GU2VxeC1Eq6TJAc1yTclU5z/oBwaj/xrn8jGuGR5Wgd48ZacopuPRK2J
1VZhvSXNCvKSQ7ecjJD4tyGn2V6f5GdydhEJyTrqfjzDfwAhe9nap/tJKOJNqvV+
0Gq2BOFSJNjt7K6Fe5DtYXkIc8iOEeW73fXYyZCw4rjHdSED9pQKWnIlGpmX+5gL
DGvIIvsndFMExw/A1Fnkw80dKDAOckJqRKXfJNWKze+QsWP3JzrUE6HQOh61ALWL
aK6tdG/SCfzlxpn8j96M
=4IRz
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.

More information about the Pkg-postgresql-public mailing list