Your message dated Sun, 25 Apr 2010 19:52:42 +0000
with message-id <[email protected]>
and subject line Bug#567058: fixed in postgresql-8.3 8.3.10-0lenny1
has caused the Debian Bug report #567058,
regarding postgresql-8.3 - Segfault in substring
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
567058: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: postgresql-8.3
Version: 8.3.8-0lenny1
Severity: important
Tags: security
postgresql server crashs with substring.
| => select
substring(B'10101010101010101010101010101010101010101010101',33,-15);
| server closed the connection unexpectedly
| This probably means the server terminated abnormally
| before or while processing the request.
| The connection to the server was lost. Attempting reset: Failed.
| LOG: server process (PID 24968) was terminated by signal 11: Segmentation
fault
| LOG: terminating any other active server processes
| WARNING: terminating connection because of crash of another server process
| DETAIL: The postmaster has commanded this server process to roll back the
current transaction and exit, because another server process exited abnormally
and possibly corrupted shared memory.
See
http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html
Bastian
--
Yes, it is written. Good shall always destroy evil.
-- Sirah the Yang, "The Omega Glory", stardate unknown
--- End Message ---
--- Begin Message ---
Source: postgresql-8.3
Source-Version: 8.3.10-0lenny1
We believe that the bug you reported is fixed in the latest version of
postgresql-8.3, which is due to be installed in the Debian FTP archive:
libecpg-compat3_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/libecpg-compat3_8.3.10-0lenny1_amd64.deb
libecpg-dev_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/libecpg-dev_8.3.10-0lenny1_amd64.deb
libecpg6_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/libecpg6_8.3.10-0lenny1_amd64.deb
libpgtypes3_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/libpgtypes3_8.3.10-0lenny1_amd64.deb
libpq-dev_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/libpq-dev_8.3.10-0lenny1_amd64.deb
libpq5_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/libpq5_8.3.10-0lenny1_amd64.deb
postgresql-8.3_8.3.10-0lenny1.diff.gz
to main/p/postgresql-8.3/postgresql-8.3_8.3.10-0lenny1.diff.gz
postgresql-8.3_8.3.10-0lenny1.dsc
to main/p/postgresql-8.3/postgresql-8.3_8.3.10-0lenny1.dsc
postgresql-8.3_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/postgresql-8.3_8.3.10-0lenny1_amd64.deb
postgresql-8.3_8.3.10.orig.tar.gz
to main/p/postgresql-8.3/postgresql-8.3_8.3.10.orig.tar.gz
postgresql-client-8.3_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/postgresql-client-8.3_8.3.10-0lenny1_amd64.deb
postgresql-client_8.3.10-0lenny1_all.deb
to main/p/postgresql-8.3/postgresql-client_8.3.10-0lenny1_all.deb
postgresql-contrib-8.3_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.10-0lenny1_amd64.deb
postgresql-contrib_8.3.10-0lenny1_all.deb
to main/p/postgresql-8.3/postgresql-contrib_8.3.10-0lenny1_all.deb
postgresql-doc-8.3_8.3.10-0lenny1_all.deb
to main/p/postgresql-8.3/postgresql-doc-8.3_8.3.10-0lenny1_all.deb
postgresql-doc_8.3.10-0lenny1_all.deb
to main/p/postgresql-8.3/postgresql-doc_8.3.10-0lenny1_all.deb
postgresql-plperl-8.3_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.10-0lenny1_amd64.deb
postgresql-plpython-8.3_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.10-0lenny1_amd64.deb
postgresql-pltcl-8.3_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.10-0lenny1_amd64.deb
postgresql-server-dev-8.3_8.3.10-0lenny1_amd64.deb
to main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.10-0lenny1_amd64.deb
postgresql_8.3.10-0lenny1_all.deb
to main/p/postgresql-8.3/postgresql_8.3.10-0lenny1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Pitt <[email protected]> (supplier of updated postgresql-8.3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 13 Mar 2010 16:33:15 +0100
Source: postgresql-8.3
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3
postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3
postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3
postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client
postgresql-doc postgresql-contrib
Architecture: source all amd64
Version: 8.3.10-0lenny1
Distribution: stable
Urgency: low
Maintainer: Martin Pitt <[email protected]>
Changed-By: Martin Pitt <[email protected]>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql - object-relational SQL database (supported version)
postgresql-8.3 - object-relational SQL database, version 8.3 server
postgresql-client - front-end programs for PostgreSQL (supported version)
postgresql-client-8.3 - front-end programs for PostgreSQL 8.3
postgresql-contrib - additional facilities for PostgreSQL (supported version)
postgresql-contrib-8.3 - additional facilities for PostgreSQL
postgresql-doc - documentation for the PostgreSQL database management system
postgresql-doc-8.3 - documentation for the PostgreSQL database management
system
postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3
postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3
postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3
postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side
programming
Closes: 411982 567058
Changes:
postgresql-8.3 (8.3.10-0lenny1) stable; urgency=low
.
* New upstream bug fix release:
- Add new configuration parameter ssl_renegotiation_limit to control
how often we do session key renegotiation for an SSL connection.
This can be set to zero to disable renegotiation completely, which
may be required if a broken SSL library is used. In particular,
some vendors are shipping stopgap patches for CVE-2009-3555 that
cause renegotiation attempts to fail.
- Fix possible deadlock during backend startup.
- Fix possible crashes due to not handling errors during relcache
reload cleanly.
- Fix possible crash due to use of dangling pointer to a cached plan.
- Fix possible crashes when trying to recover from a failure in
subtransaction start.
- Fix server memory leak associated with use of savepoints and a
client encoding different from server's encoding.
- Fix incorrect WAL data emitted during end-of-recovery cleanup of a
GIST index page split.
This would result in index corruption, or even more likely an error
during WAL replay, if we were unlucky enough to crash during
end-of-recovery cleanup after having completed an incomplete GIST
insertion.
- Make substring() for bit types treat any negative length as meaning
"all the rest of the string".
The previous coding treated only -1 that way, and would produce an
invalid result value for other negative values, possibly leading to
a crash (CVE-2010-0442). (Closes: #567058)
- Fix integer-to-bit-string conversions to handle the first
fractional byte correctly when the output bit width is wider than
the given integer by something other than a multiple of 8 bits.
- Fix some cases of pathologically slow regular expression matching.
- Fix assorted crashes in xml processing caused by sloppy memory
management.
This is a back-patch of changes first applied in 8.4. The 8.3 code
was known buggy, but the new code was sufficiently different to not
want to back-patch it until it had gotten some field testing.
- Fix bug with trying to update a field of an element of a
composite-type array column.
- Fix the STOP WAL LOCATION entry in backup history files to report
the next WAL segment's name when the end location is exactly at a
segment boundary.
- Fix some more cases of temporary-file leakage.
This corrects a problem introduced in the previous minor release.
One case that failed is when a plpgsql function returning set is
called within another function's exception handler.
- Improve constraint exclusion processing of boolean-variable cases,
in particular make it possible to exclude a partition that has a
"bool_column = false" constraint.
- When reading "pg_hba.conf" and related files, do not treat
@something as a file inclusion request if the @ appears inside
quote marks; also, never treat @ by itself as a file inclusion
request.
This prevents erratic behavior if a role or database name starts
with @. If you need to include a file whose path name contains
spaces, you can still do so, but you must write @"/path to/file"
rather than putting the quotes around the whole construct.
- Prevent infinite loop on some platforms if a directory is named as
an inclusion target in "pg_hba.conf" and related files.
- Fix possible infinite loop if SSL_read or SSL_write fails without
setting errno.
This is reportedly possible with some Windows versions of openssl.
- Disallow GSSAPI authentication on local connections, since it
requires a hostname to function correctly.
- Make ecpg report the proper SQLSTATE if the connection disappears.
- Fix psql's numericlocale option to not format strings it shouldn't
in latex and troff output formats.
- Make psql return the correct exit status (3) when ON_ERROR_STOP and
--single-transaction are both specified and an error occurs during
the implied "COMMIT".
- Fix plpgsql failure in one case where a composite column is set to
NULL.
- Fix possible failure when calling PL/Perl functions from PL/PerlU
or vice versa.
- Add volatile markings in PL/Python to avoid possible
compiler-specific misbehavior.
- Ensure PL/Tcl initializes the Tcl interpreter fully.
The only known symptom of this oversight is that the Tcl clock
command misbehaves if using Tcl 8.5 or later.
- Prevent crash in "contrib/dblink" when too many key columns are
specified to a dblink_build_sql_- function.
- Allow zero-dimensional arrays in "contrib/ltree" operations.
This case was formerly rejected as an error, but it's more
convenient to treat it the same as a zero-element array. In
particular this avoids unnecessary failures when an ltree operation
is applied to the result of ARRAY(SELECT ...) and the sub-select
returns no rows.
- Fix assorted crashes in "contrib/xml2" caused by sloppy memory
management.
* Add 00cvs-unregister-ssl-callbacks.patch: Properly unregister OpenSSL
callbacks when libpq is done with it's connection. Thanks Ondřej Surý for
the backport! (Closes: #411982, LP: #63141)
Checksums-Sha1:
e0823589bcf97da32c986358363e5cb59eddf15d 1673 postgresql-8.3_8.3.10-0lenny1.dsc
d69dc84821208f51b878583d552ed5803926d1f8 13870846
postgresql-8.3_8.3.10.orig.tar.gz
8b747e4ad1eb713548dd888e4d0dabed276c13a6 49268
postgresql-8.3_8.3.10-0lenny1.diff.gz
ddfd2c83a34811115e9ec70041e9f215411eed17 2177644
postgresql-doc-8.3_8.3.10-0lenny1_all.deb
10ad7a98513fe394c44800e7dd73c88cdc4021b8 256110
postgresql_8.3.10-0lenny1_all.deb
02d88c2afdcb4b3893d633ca18fa349b7c29f568 256076
postgresql-client_8.3.10-0lenny1_all.deb
1b544c83ae0e3f6bd9e4c6d11e94810c737d0c04 255918
postgresql-doc_8.3.10-0lenny1_all.deb
65f613306b3291289368d21965715dc509c17b21 255978
postgresql-contrib_8.3.10-0lenny1_all.deb
ab0a451125674b36c52bde7510eb6cf0d1d1546f 462144
libpq-dev_8.3.10-0lenny1_amd64.deb
f31646bbfef34a774db2c050d1b6acd0c60f3096 393638 libpq5_8.3.10-0lenny1_amd64.deb
d80224ce6c1f36442aa1c4c240e4ec3e058a0d38 285438
libecpg6_8.3.10-0lenny1_amd64.deb
c61419dad75f3017bc501a5fb7fb5d81ad835e10 474648
libecpg-dev_8.3.10-0lenny1_amd64.deb
e899debaf6bd0779e4f0065a85fd24c5c785edf0 264042
libecpg-compat3_8.3.10-0lenny1_amd64.deb
db11dca5fa5aee3cc3c055fae67f0b9e5b7b9e81 285602
libpgtypes3_8.3.10-0lenny1_amd64.deb
04e3c27d8b6105ce6be19e68e3c71c58d43e969e 5375442
postgresql-8.3_8.3.10-0lenny1_amd64.deb
2da0070c139c45bcfd20c3c218f18e3090d06968 1701826
postgresql-client-8.3_8.3.10-0lenny1_amd64.deb
58e49895377e104ce8140c93bfdfe1e58726b845 829514
postgresql-server-dev-8.3_8.3.10-0lenny1_amd64.deb
23d7d07b996503dd23e3d291246162fcab864e06 622318
postgresql-contrib-8.3_8.3.10-0lenny1_amd64.deb
5ff8db0d8b246e3ed762e1ed53e251c4977668f5 283988
postgresql-plperl-8.3_8.3.10-0lenny1_amd64.deb
11c06310f6803edc35b4f20c7e5273c2cfbbd42f 277856
postgresql-plpython-8.3_8.3.10-0lenny1_amd64.deb
52375810a821bc0c59fc24af8238c438cd879afd 275118
postgresql-pltcl-8.3_8.3.10-0lenny1_amd64.deb
Checksums-Sha256:
2859b0ea969ec409186b83424ff582deb2eac98eb2dcb07e5f376d58732dcb42 1673
postgresql-8.3_8.3.10-0lenny1.dsc
6c4e55918df0050cdf71896a8577f6b03c28cf20bd959c77c43165bfcb8abd12 13870846
postgresql-8.3_8.3.10.orig.tar.gz
97295efa196ea774c2ce162d965054454310ab095826cc9b811b71c53e30a0ba 49268
postgresql-8.3_8.3.10-0lenny1.diff.gz
da1423819d91e5bb68306e94465925b78534baa1d60d6617e1991d4dd1cec148 2177644
postgresql-doc-8.3_8.3.10-0lenny1_all.deb
b0c3de7ba9843721d7f08c33cf19672046f62cdf46c4ca0b93822aca59568434 256110
postgresql_8.3.10-0lenny1_all.deb
64f20f563e273790b4a7aeb3901fbb871849a525e0ebd781ea6eec6d3cf00cff 256076
postgresql-client_8.3.10-0lenny1_all.deb
d48bdd907753f2ea600e50595f93c4bb4c0715cf249837f13646a19017f8e7f0 255918
postgresql-doc_8.3.10-0lenny1_all.deb
43849d0dd9dd1d4b5486ba454c88eb05e96df6fa104a92d8184fd31297b6ebbe 255978
postgresql-contrib_8.3.10-0lenny1_all.deb
666f4835cb6fba8d7cb5f9fb794b93b999d99452d3ca599eee5156ebcc701543 462144
libpq-dev_8.3.10-0lenny1_amd64.deb
813029466a60f10c5d3d96feeb094ca976f6d5e7be2221e9bc199a0dff1e9198 393638
libpq5_8.3.10-0lenny1_amd64.deb
bc534cf1f33502e6615803b790b69d83344ac3389032a6fc3dfafe1bba82f983 285438
libecpg6_8.3.10-0lenny1_amd64.deb
6f234f181cba1201f46cd48f5acecfd182067117bc8d0da191dfc1ddb8b5e675 474648
libecpg-dev_8.3.10-0lenny1_amd64.deb
1ce003c15ed7babeb868ebc87047dfe3b265bf4e07953ca0b3250e106675ed4c 264042
libecpg-compat3_8.3.10-0lenny1_amd64.deb
1c4bfaeef7b88e6c9f8f6703a6edd7a5a45a681c57c0b8184f78e27caa09d591 285602
libpgtypes3_8.3.10-0lenny1_amd64.deb
f20920fe80050c709fec7859d0e17ded9d58d64d9f77a6d7a4f86199eaab2d5a 5375442
postgresql-8.3_8.3.10-0lenny1_amd64.deb
f252341239237d646a7ea069ff6ae680d451ea91f9b9a0f3e331f391f284de7e 1701826
postgresql-client-8.3_8.3.10-0lenny1_amd64.deb
0b885bb365443689e96e1c25bd07bcca15b2563043718148d9fb915451b1495a 829514
postgresql-server-dev-8.3_8.3.10-0lenny1_amd64.deb
e542796f5ff1b989183317555451a55996f12dfebd3c17fb1c3b108577ce52a5 622318
postgresql-contrib-8.3_8.3.10-0lenny1_amd64.deb
b19fa588c4970142ce4e0c97fc54c182479af0d2cf8d53fe3d5a1903ff455041 283988
postgresql-plperl-8.3_8.3.10-0lenny1_amd64.deb
cc71b939a351bbf7196e822ee71af93ecaa2870a91f6b90612900d06866bfb61 277856
postgresql-plpython-8.3_8.3.10-0lenny1_amd64.deb
0d32c667387554d3bc47ad8e442c32d7ba28b83f7cf05b745d6c6ca46c4c60bb 275118
postgresql-pltcl-8.3_8.3.10-0lenny1_amd64.deb
Files:
5f8ef828326e77bfde517459212db18a 1673 misc optional
postgresql-8.3_8.3.10-0lenny1.dsc
6c528104faf2808dcbdbd4a644920fe1 13870846 misc optional
postgresql-8.3_8.3.10.orig.tar.gz
84363340a6cbe0cc5ea56e1cb4ddc943 49268 misc optional
postgresql-8.3_8.3.10-0lenny1.diff.gz
c6995c9dc936cad09f7d0b986fede84c 2177644 doc optional
postgresql-doc-8.3_8.3.10-0lenny1_all.deb
63a84a949ceda3fa41202b83d6737815 256110 misc optional
postgresql_8.3.10-0lenny1_all.deb
04830441795a94e493c3b1b6d529769b 256076 misc optional
postgresql-client_8.3.10-0lenny1_all.deb
53c24fe905164b5d95074aba38bb5fd3 255918 doc optional
postgresql-doc_8.3.10-0lenny1_all.deb
82e60633995b339c04d264d0106e6868 255978 misc optional
postgresql-contrib_8.3.10-0lenny1_all.deb
beded097d640da5a0f785643342dc582 462144 libdevel optional
libpq-dev_8.3.10-0lenny1_amd64.deb
56c7151ad7aba49409dc888be5f2b1b3 393638 libs optional
libpq5_8.3.10-0lenny1_amd64.deb
84c16f8204ad60f532e38dec8bae060f 285438 libs optional
libecpg6_8.3.10-0lenny1_amd64.deb
cc16d0303a47efb47ded163ba102bb73 474648 libdevel optional
libecpg-dev_8.3.10-0lenny1_amd64.deb
8cb4c769ade4136a378a52c857a4a228 264042 libs optional
libecpg-compat3_8.3.10-0lenny1_amd64.deb
af3a276c49a0c75fbd03f81bbaf524c1 285602 libs optional
libpgtypes3_8.3.10-0lenny1_amd64.deb
6f3e53f2ffe2157dec9a162c65fb2038 5375442 misc optional
postgresql-8.3_8.3.10-0lenny1_amd64.deb
ad4c263f32b78813a36a61abce222024 1701826 misc optional
postgresql-client-8.3_8.3.10-0lenny1_amd64.deb
00fa84e7f45bdd4681e1eca59b3f5f00 829514 libdevel optional
postgresql-server-dev-8.3_8.3.10-0lenny1_amd64.deb
4c80ec4af52c6f2d1d7c536b8cec01c5 622318 misc optional
postgresql-contrib-8.3_8.3.10-0lenny1_amd64.deb
ccaa0f24a8964c7d58d635cc3d499709 283988 misc optional
postgresql-plperl-8.3_8.3.10-0lenny1_amd64.deb
7e2fb9327a5396978902255a4b20353e 277856 misc optional
postgresql-plpython-8.3_8.3.10-0lenny1_amd64.deb
90e93d7d0b47f08437d627620ed95eb9 275118 misc optional
postgresql-pltcl-8.3_8.3.10-0lenny1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAku8nrQACgkQDecnbV4Fd/L7JACgiJWeBkoVadi0N1myRW6hofJV
GHcAoOMZRKXFrdFLH6Sc58uo4alHE7yK
=H5H/
-----END PGP SIGNATURE-----
--- End Message ---
