Your message dated Thu, 10 Feb 2005 08:02:38 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#294406: fixed in postgresql 7.4.7-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 9 Feb 2005 16:30:32 +0000
>From [EMAIL PROTECTED] Wed Feb 09 08:30:32 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1CyujY-00025z-00; Wed, 09 Feb 2005 08:30:32 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
        by kitenet.net (Postfix) with ESMTP id A1B6017F13
        for <[EMAIL PROTECTED]>; Wed,  9 Feb 2005 16:29:11 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
        id 27CE26E20E; Wed,  9 Feb 2005 11:30:54 -0500 (EST)
Date: Wed, 9 Feb 2005 11:30:54 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: multiple buffer overflows in gram.y (CAN-2005-0247)
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="8t9RHnE3ZwKMSgU+"
Content-Disposition: inline
X-Reportbug-Version: 3.7.1
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--8t9RHnE3ZwKMSgU+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: postgresql
Version: 7.4.7-1
Severity: grave
Tags: security patch

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow
attackers to execute arbitrary code via (1) a large number of variables in a
SQL statement being handled by the read_sql_construct function, (2) a large
number of INTO variables in a SELECT statement being handled by the
make_select_stmt function, (3) a large number of arbitrary variables in a
SELECT statement being handled by the make_select_stmt function, and (4) a
large number of INTO variables in a FETCH statement being handled by the
make_fetch_stmt function, a different set of vulnerabilities than
CAN-2005-0245.

This is fixed in cvs for version 7.4 here:
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/gram.y.diff?r1=1.48.2.1;r2=1.48.2.2

-- 
see shy jo

--8t9RHnE3ZwKMSgU+
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCCjq+d8HHehbQuO8RAvtnAKCwNUGr5/jOAqDwg5azkjoQgr5/JgCdEfpl
cqj1fn3zhindk84c02Pt80g=
=rbMu
-----END PGP SIGNATURE-----

--8t9RHnE3ZwKMSgU+--

---------------------------------------
Received: (at 294406-close) by bugs.debian.org; 10 Feb 2005 13:08:02 +0000
>From [EMAIL PROTECTED] Thu Feb 10 05:08:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1CzE37-0007jK-00; Thu, 10 Feb 2005 05:08:01 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1CzDxu-0003QV-00; Thu, 10 Feb 2005 08:02:38 -0500
From: Martin Pitt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#294406: fixed in postgresql 7.4.7-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 10 Feb 2005 08:02:38 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: postgresql
Source-Version: 7.4.7-2

We believe that the bug you reported is fixed in the latest version of
postgresql, which is due to be installed in the Debian FTP archive:

libecpg-dev_7.4.7-2_i386.deb
  to pool/main/p/postgresql/libecpg-dev_7.4.7-2_i386.deb
libecpg4_7.4.7-2_i386.deb
  to pool/main/p/postgresql/libecpg4_7.4.7-2_i386.deb
libpgtcl-dev_7.4.7-2_i386.deb
  to pool/main/p/postgresql/libpgtcl-dev_7.4.7-2_i386.deb
libpgtcl_7.4.7-2_i386.deb
  to pool/main/p/postgresql/libpgtcl_7.4.7-2_i386.deb
libpq3_7.4.7-2_i386.deb
  to pool/main/p/postgresql/libpq3_7.4.7-2_i386.deb
postgresql-client_7.4.7-2_i386.deb
  to pool/main/p/postgresql/postgresql-client_7.4.7-2_i386.deb
postgresql-contrib_7.4.7-2_i386.deb
  to pool/main/p/postgresql/postgresql-contrib_7.4.7-2_i386.deb
postgresql-dev_7.4.7-2_i386.deb
  to pool/main/p/postgresql/postgresql-dev_7.4.7-2_i386.deb
postgresql-doc_7.4.7-2_all.deb
  to pool/main/p/postgresql/postgresql-doc_7.4.7-2_all.deb
postgresql_7.4.7-2.diff.gz
  to pool/main/p/postgresql/postgresql_7.4.7-2.diff.gz
postgresql_7.4.7-2.dsc
  to pool/main/p/postgresql/postgresql_7.4.7-2.dsc
postgresql_7.4.7-2_i386.deb
  to pool/main/p/postgresql/postgresql_7.4.7-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Pitt <[EMAIL PROTECTED]> (supplier of updated postgresql package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 10 Feb 2005 13:04:02 +0100
Source: postgresql
Binary: postgresql-client libecpg4 libpgtcl-dev libpq3 postgresql-doc libecpg-dev postgresql-dev postgresql libpgtcl postgresql-contrib
Architecture: source i386 all
Version: 7.4.7-2
Distribution: unstable
Urgency: high
Maintainer: Martin Pitt <[EMAIL PROTECTED]>
Changed-By: Martin Pitt <[EMAIL PROTECTED]>
Description: 
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg4   - run-time library for ECPG programs
 libpgtcl   - Tcl procedural language, library and front-end for PostgreSQL
 libpgtcl-dev - Tcl library for PostgreSQL - development files
 libpq3     - PostgreSQL C client library
 postgresql - object-relational SQL database management system
 postgresql-client - front-end programs for PostgreSQL
 postgresql-contrib - additional facilities for PostgreSQL
 postgresql-dev - development files for libpq (PostgreSQL library)
 postgresql-doc - documentation for the PostgreSQL database management system
Closes: 294406
Changes: 
 postgresql (7.4.7-2) unstable; urgency=high
 .
   * Urgency high since this fixes a security vulnerability (and nothing else).
   * Added patch 50CAN-2005-0247:
     - Fix multiple buffer overflows in the PL/PGSQL parser's gram.y file.
     - CAN-2005-0247
     - Closes: #294406
   * Added CAN numbers to previous changelog version.
Files: 
 453cbb42e518d79c3a6baa14fd72f3d4 973 misc optional postgresql_7.4.7-2.dsc
 e1a38f5f6ffe2bbe9711aaa3709d1657 149729 misc optional postgresql_7.4.7-2.diff.gz
 d4e6ed26245f6a4faf6662bae72ff74a 2392310 doc optional postgresql-doc_7.4.7-2_all.deb
 d7de152d1941fcaa113815670001b2ac 3792608 misc optional postgresql_7.4.7-2_i386.deb
 bd301d08b30188d5d2f6fd3935990739 537336 misc optional postgresql-client_7.4.7-2_i386.deb
 dd01e499e2b3d4cf5865a9f8094ecf30 512248 libdevel optional postgresql-dev_7.4.7-2_i386.deb
 f8497089698e3127152034b7bec97324 124418 libs optional libpq3_7.4.7-2_i386.deb
 77d8959da4d49c81cceef57905517085 93412 libs optional libecpg4_7.4.7-2_i386.deb
 c97b77e83de76d9baede288ff15a6f49 204722 libdevel optional libecpg-dev_7.4.7-2_i386.deb
 e993f6af4e2a457b602e7182682fab65 75452 libs optional libpgtcl_7.4.7-2_i386.deb
 e4bdcf23f249b850adf947406288d525 53268 libdevel optional libpgtcl-dev_7.4.7-2_i386.deb
 4955dff14d526e7ac466adbe3e197204 619628 misc optional postgresql-contrib_7.4.7-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCC1fwDecnbV4Fd/IRAtBSAKCuUpcv57UEcYSQrjeafOK6bf3AfQCgkNuO
yxJhfSnrIdJ4PxyN4XNfX1M=
=fV0t
-----END PGP SIGNATURE-----

