[Pkg-postgresql-public] postgresql-9.4_9.4.5-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Oct 8 12:50:22 UTC 2015
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 06 Oct 2015 11:02:48 +0200
Source: postgresql-9.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.4 postgresql-9.4-dbg postgresql-client-9.4 postgresql-server-dev-9.4 postgresql-doc-9.4 postgresql-contrib-9.4 postgresql-plperl-9.4 postgresql-plpython-9.4 postgresql-plpython3-9.4 postgresql-pltcl-9.4
Architecture: source
Version: 9.4.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg at credativ.de>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 9.4
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql-9.4 - object-relational SQL database, version 9.4 server
postgresql-9.4-dbg - debug symbols for postgresql-9.4
postgresql-client-9.4 - front-end programs for PostgreSQL 9.4
postgresql-contrib-9.4 - additional facilities for PostgreSQL
postgresql-doc-9.4 - documentation for the PostgreSQL database management system
postgresql-plperl-9.4 - PL/Perl procedural language for PostgreSQL 9.4
postgresql-plpython-9.4 - PL/Python procedural language for PostgreSQL 9.4
postgresql-plpython3-9.4 - PL/Python 3 procedural language for PostgreSQL 9.4
postgresql-pltcl-9.4 - PL/Tcl procedural language for PostgreSQL 9.4
postgresql-server-dev-9.4 - development files for PostgreSQL 9.4 server-side programming
Changes:
postgresql-9.4 (9.4.5-1) unstable; urgency=medium
.
* New upstream version.
.
+ Guard against stack overflows in json parsing (Oskari Saarenmaa)
.
If an application constructs PostgreSQL json or jsonb values from
arbitrary user input, the application's users can reliably crash the
PostgreSQL server, causing momentary denial of service. (CVE-2015-5289)
.
+ Fix contrib/pgcrypto to detect and report too-short crypt() salts
(Josh Kupershmidt)
.
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of attacks
that arrange for presence of confidential information in the disclosed
bytes, but they seem unlikely. (CVE-2015-5288)
.
* debian/rules: Call dh without --parallel, it's not supported upstream.
Checksums-Sha1:
15fd99879923d8f7fd86c26ab00e38bd6c1ad456 3503 postgresql-9.4_9.4.5-1.dsc
266b8e92cdced161b6a98d4eda0810e4b61fcf49 17660960 postgresql-9.4_9.4.5.orig.tar.bz2
52e7e745c73994b7ad9f48dec19c5c5e8bb05589 21352 postgresql-9.4_9.4.5-1.debian.tar.xz
Checksums-Sha256:
a8bf6a87916326f7ecc504d0429a51b552a8ff1f39f3b2aa09abb55ba4d43f82 3503 postgresql-9.4_9.4.5-1.dsc
b87c50c66b6ea42a9712b5f6284794fabad0616e6ae420cf0f10523be6d94a39 17660960 postgresql-9.4_9.4.5.orig.tar.bz2
1aaffc8862d0450e292e56bc3793abb579bc5d6765f74bf50915647f5e194691 21352 postgresql-9.4_9.4.5-1.debian.tar.xz
Files:
a4c3882b159f8918226b0b07b66f1a2b 3503 database optional postgresql-9.4_9.4.5-1.dsc
8b2e3472a8dc786649b4d02d02e039a0 17660960 database optional postgresql-9.4_9.4.5.orig.tar.bz2
791802a730ce91ea3a5f2b4d9b39e969 21352 database optional postgresql-9.4_9.4.5-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJWFmUmAAoJEExaa6sS0qeuTLsP/iXgU9J6thdLSDP7EuqUgnQD
ekIH+25k8XTg57wy3KqtFq+oc+mftrZKIj5cngLUax8yJ08SBvBP4QDiv1vlFT/p
9y6lYmy05ZtTmZ5g0jCR0gedRYuaEDQecvevtkBKoRPduaysV5V4HayijpuHxUzw
6SICyE0t1L8m+HM/9SxlBfqdhuCFDO4PGgnJ/w/yS34VW8s8XqhG0/WFpqb21j1y
vNKqfPTgKtkIuT/U05Zai7VOLUmj2YUaPFw3z0sd/zgzBj0/VTzj6pTNW0kwBMrE
Tnjlr2WEjdcNzad6yXf0mJ4un2qqvBH79f9wxPMKNLLMHciqoFpaZJPkzhVd+396
V5wWshsxhmTOxVJpRtpry5mXynA2ck/pi1i6Vr5QoUZnK4KMpac3L8YA0d2YUK4r
pwxnUn2DLcJFb2WCYuJ9brkFabwnlASPhWTK+ol4NSM5TtJBiJ082EufbcLDZKJR
uaHGYb6keW4MyZ6SytNdkU98Hb9aDAAX5rlaEbz2a9VpCM2RTbOlvrH39ioqfoVv
xAhttBzb3oipIpigDLhJpW8a+s/eMqo2CoYpf4xK+GH4APQlK7FL/Z8w0SOIO/FS
9wkwk8vrRmvZBiCj7P6d7anxpHGJPu6CfacW2VKzCq+8wWzSH84AvDORY9ib+WVh
D1xV1J0XvUKFvQz6DxSi
=KjZi
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-postgresql-public
mailing list