[Pkg-postgresql-public] postgresql-9.1_9.1.16-0+deb8u1_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri May 22 18:50:56 UTC 2015
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 21 May 2015 15:56:32 +0200
Source: postgresql-9.1
Binary: postgresql-plperl-9.1
Architecture: source amd64
Version: 9.1.16-0+deb8u1
Distribution: stable-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg at credativ.de>
Description:
 postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
Changes:
 postgresql-9.1 (9.1.16-0+deb8u1) stable-security; urgency=medium
 .
   * New upstream version, relevant PL/Perl change:
 .
     + Improve detection of system-call failures (Noah Misch)
 .
       Our replacement implementation of snprintf() failed to check for errors
       reported by the underlying system library calls; the main case that
       might be missed is out-of-memory situations. In the worst case this
       might lead to information exposure, due to our code assuming that a
       buffer had been overwritten when it hadn't been. Also, there were a few
       places in which security-relevant calls of other system library
       functions did not check for failure.
 .
       It remains possible that some calls of the *printf() family of functions
       are vulnerable to information disclosure if an out-of-memory error
       occurs at just the wrong time. We judge the risk to not be large, but
       will continue analysis in this area. (CVE-2015-3166)
 .
   * Repository moved to git, update Vcs headers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.