[Pkg-postgresql-public] postgresql-9.4_9.4.17-0+deb8u1_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Mar 6 10:10:08 UTC 2018
Mapping jessie to oldstable.
Mapping oldstable to oldstable-proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 27 Feb 2018 13:20:22 +0100
Source: postgresql-9.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.4 postgresql-9.4-dbg postgresql-client-9.4 postgresql-server-dev-9.4 postgresql-doc-9.4 postgresql-contrib-9.4 postgresql-plperl-9.4 postgresql-plpython-9.4 postgresql-plpython3-9.4 postgresql-pltcl-9.4
Architecture: source amd64 all
Version: 9.4.17-0+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg at credativ.de>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 9.4
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql-9.4 - object-relational SQL database, version 9.4 server
postgresql-9.4-dbg - debug symbols for postgresql-9.4
postgresql-client-9.4 - front-end programs for PostgreSQL 9.4
postgresql-contrib-9.4 - additional facilities for PostgreSQL
postgresql-doc-9.4 - documentation for the PostgreSQL database management system
postgresql-plperl-9.4 - PL/Perl procedural language for PostgreSQL 9.4
postgresql-plpython-9.4 - PL/Python procedural language for PostgreSQL 9.4
postgresql-plpython3-9.4 - PL/Python 3 procedural language for PostgreSQL 9.4
postgresql-pltcl-9.4 - PL/Tcl procedural language for PostgreSQL 9.4
postgresql-server-dev-9.4 - development files for PostgreSQL 9.4 server-side programming
Changes:
postgresql-9.4 (9.4.17-0+deb8u1) jessie; urgency=medium
.
* New upstream version.
.
If you run an installation in which not all users are mutually
trusting, or if you maintain an application or extension that is
intended for use in arbitrary situations, it is strongly recommended
that you read the documentation changes described in the first changelog
entry below, and take suitable steps to ensure that your installation or
code is secure.
.
Also, the changes described in the second changelog entry below may
cause functions used in index expressions or materialized views to fail
during auto-analyze, or when reloading from a dump. After upgrading,
monitor the server logs for such problems, and fix affected functions.
.
+ Document how to configure installations and applications to guard
against search-path-dependent trojan-horse attacks from other users
.
Using a search_path setting that includes any schemas writable by a
hostile user enables that user to capture control of queries and then
run arbitrary SQL code with the permissions of the attacked user. While
it is possible to write queries that are proof against such hijacking,
it is notationally tedious, and it's very easy to overlook holes.
Therefore, we now recommend configurations in which no untrusted schemas
appear in one's search path.
(CVE-2018-1058)
.
+ Avoid use of insecure search_path settings in pg_dump and other client
programs
.
pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications
were themselves vulnerable to the type of hijacking described in the
previous changelog entry; since these applications are commonly run by
superusers, they present particularly attractive targets. To make them
secure whether or not the installation as a whole has been secured,
modify them to include only the pg_catalog schema in their search_path
settings. Autovacuum worker processes now do the same, as well.
.
In cases where user-provided functions are indirectly executed by these
programs -- for example, user-provided functions in index expressions --
the tighter search_path may result in errors, which will need to be
corrected by adjusting those user-provided functions to not assume
anything about what search path they are invoked under. That has always
been good practice, but now it will be necessary for correct behavior.
(CVE-2018-1058)
Checksums-Sha1:
Checksums-Sha256:
Files:
Thank you for your contribution to Debian.
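
The two changelog entries above (CVE-2018-1058) translate into a post-upgrade audit and a hardening step. The following SQL is an added example, not part of the original message or of the PostgreSQL or Debian packaging; the schema `app` and function `app.normalize_email(text)` are hypothetical names, and the index query covers index expressions only, not materialized views.

```sql
-- 1. Audit: schemas in which every role (PUBLIC) may create objects.
--    Any such schema in a search_path lets another user shadow
--    unqualified function, operator or table names.
SELECT n.nspname AS world_writable_schema
FROM pg_catalog.pg_namespace AS n
WHERE n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND pg_catalog.has_schema_privilege('public'::name, n.oid, 'CREATE');

-- 2. Audit: user-defined functions referenced by index expressions that do
--    not pin their own search_path. These are the candidates that may fail
--    under the pg_catalog-only search_path now used by autovacuum workers,
--    pg_dump and vacuumdb. Review each one: a function whose body is fully
--    schema-qualified is fine even without a pinned search_path.
SELECT i.oid::regclass     AS index_name,
       p.oid::regprocedure AS function_used
FROM pg_catalog.pg_depend AS d
JOIN pg_catalog.pg_class AS i
  ON d.classid = 'pg_catalog.pg_class'::regclass
 AND d.objid = i.oid
 AND i.relkind = 'i'
JOIN pg_catalog.pg_proc AS p
  ON d.refclassid = 'pg_catalog.pg_proc'::regclass
 AND d.refobjid = p.oid
JOIN pg_catalog.pg_namespace AS n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND NOT EXISTS (
        SELECT 1
        FROM pg_catalog.unnest(p.proconfig) AS c(setting)
        WHERE c.setting LIKE 'search_path=%');

-- 3. Harden: keep untrusted schemas out of every search_path.
--    Run in each database; the REVOKE also applies to template1 if new
--    databases should inherit it.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
ALTER ROLE ALL SET search_path = "$user";

-- 4. Fix a function flagged by query 2 (hypothetical name): either
--    schema-qualify every reference inside its body, or pin the path it
--    runs under so it no longer depends on the caller's search_path.
ALTER FUNCTION app.normalize_email(text) SET search_path = pg_catalog, app;
```

After applying step 4, rerun query 2 and watch the server log through the next auto-analyze cycle, as the changelog advises.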