[Pkg-postgresql-public] postgresql-9.5_9.5.4-1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Thu Aug 11 13:35:51 UTC 2016


Format: 1.8
Date: Tue, 09 Aug 2016 17:19:59 +0200
Source: postgresql-9.5
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.5 postgresql-9.5-dbg postgresql-client-9.5 postgresql-server-dev-9.5 postgresql-doc-9.5 postgresql-contrib-9.5 postgresql-plperl-9.5 postgresql-plpython-9.5 postgresql-plpython3-9.5 postgresql-pltcl-9.5
Architecture: source
Version: 9.5.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg at credativ.de>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.5
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.5 - object-relational SQL database, version 9.5 server
 postgresql-9.5-dbg - debug symbols for postgresql-9.5
 postgresql-client-9.5 - front-end programs for PostgreSQL 9.5
 postgresql-contrib-9.5 - additional facilities for PostgreSQL
 postgresql-doc-9.5 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.5 - PL/Perl procedural language for PostgreSQL 9.5
 postgresql-plpython-9.5 - PL/Python procedural language for PostgreSQL 9.5
 postgresql-plpython3-9.5 - PL/Python 3 procedural language for PostgreSQL 9.5
 postgresql-pltcl-9.5 - PL/Tcl procedural language for PostgreSQL 9.5
 postgresql-server-dev-9.5 - development files for PostgreSQL 9.5 server-side programming
Changes:
 postgresql-9.5 (9.5.4-1) unstable; urgency=medium
   * New upstream version.
     + Fix possible mis-evaluation of nested CASE-WHEN expressions
       (Heikki Linnakangas, Michael Paquier, Tom Lane)
       A CASE expression appearing within the test value subexpression of
       another CASE could become confused about whether its own test value was
       null or not.  Also, inlining of a SQL function implementing the equality
       operator used by a CASE expression could result in passing the wrong
       test value to functions called within a CASE expression in the SQL
       function's body.  If the test values were of different data types, a
       crash might result; moreover such situations could be abused to allow
       disclosure of portions of server memory.  (CVE-2016-5423)
     + Fix client programs' handling of special characters in database and role
       names (Noah Misch, Nathan Bossart, Michael Paquier)
       Numerous places in vacuumdb and other client programs could become
       confused by database and role names containing double quotes or
       backslashes.  Tighten up quoting rules to make that safe. Also, ensure
       that when a conninfo string is used as a database name parameter to
       these programs, it is correctly treated as such throughout.
       Fix handling of paired double quotes in psql's \connect and \password
       commands to match the documentation.
       Introduce a new -reuse-previous option in psql's \connect command to
       allow explicit control of whether to re-use connection parameters from a
       previous connection.  (Without this, the choice is based on whether the
       database name looks like a conninfo string, as before.)  This allows
       secure handling of database names containing special characters in
       pg_dumpall scripts.
       pg_dumpall now refuses to deal with database and role names containing
       carriage returns or newlines, as it seems impractical to quote those
       characters safely on Windows.  In future we may reject such names on the
       server side, but that step has not been taken yet.
       These are considered security fixes because crafted object names
       containing special characters could have been used to execute commands
       with superuser privileges the next time a superuser executes pg_dumpall
       or other routine maintenance operations.  (CVE-2016-5424)
   * Remove conditional multi-arch compilation, all supported dists are
     multi-arched now.
   * Use explicit xz compression for wheezy and precise


Thank you for your contribution to Debian.
