-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 02 Apr 2013 10:13:55 +0200 Source: postgresql-9.2 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.2 postgresql-9.2-dbg postgresql-client-9.2 postgresql-server-dev-9.2 postgresql-doc-9.2 postgresql-contrib-9.2 postgresql-plperl-9.2 postgresql-plpython-9.2 postgresql-plpython3-9.2 postgresql-pltcl-9.2 Architecture: source amd64 all Version: 9.2.4-1 Distribution: experimental Urgency: low Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-pub...@lists.alioth.debian.org> Changed-By: Martin Pitt <mp...@debian.org> Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 9.2 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-9.2 - object-relational SQL database, version 9.2 server postgresql-9.2-dbg - debug symbols for postgresql-9.2 postgresql-client-9.2 - front-end programs for PostgreSQL 9.2 postgresql-contrib-9.2 - additional facilities for PostgreSQL postgresql-doc-9.2 - documentation for the PostgreSQL database management system postgresql-plperl-9.2 - PL/Perl procedural language for PostgreSQL 9.2 postgresql-plpython-9.2 - PL/Python procedural language for PostgreSQL 9.2 postgresql-plpython3-9.2 - PL/Python 3 procedural language for PostgreSQL 9.2 postgresql-pltcl-9.2 - PL/Tcl procedural language for PostgreSQL 9.2 postgresql-server-dev-9.2 - development files for PostgreSQL 9.2 server-side programming Changes: postgresql-9.2 (9.2.4-1) experimental; urgency=low . * New upstream security/bug fix release: - Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with "-" could be crafted to damage or destroy files within the server's data directory, even if the request is eventually rejected. [CVE-2013-1899] - Reset OpenSSL randomness state in each postmaster child process. This avoids a scenario wherein random numbers generated by "contrib/pgcrypto" functions might be relatively easy for another database user to guess. The risk is only significant when the postmaster is configured with ssl = on but most connections don't use SSL encryption. [CVE-2013-1900] - Make REPLICATION privilege checks test current user not authenticated user. An unprivileged database user could exploit this mistake to call pg_start_backup() or pg_stop_backup(), thus possibly interfering with creation of routine backups. [CVE-2013-1901] - Fix GiST indexes to not use "fuzzy" geometric comparisons when it's not appropriate to do so. The core geometric types perform comparisons using "fuzzy" equality, but gist_box_same must do exact comparisons, else GiST indexes using it might become inconsistent. After installing this update, users should "REINDEX" any GiST indexes on box, polygon, circle, or point columns, since all of these use gist_box_same. - Fix erroneous range-union and penalty logic in GiST indexes that use "contrib/btree_gist" for variable-width data types, that is text, bytea, bit, and numeric columns. These errors could result in inconsistent indexes in which some keys that are present would not be found by searches, and also in useless index bloat. Users are advised to "REINDEX" such indexes after installing this update. - Fix bugs in GiST page splitting code for multi-column indexes. These errors could result in inconsistent indexes in which some keys that are present would not be found by searches, and also in indexes that are unnecessarily inefficient to search. Users are advised to "REINDEX" multi-column GiST indexes after installing this update. - See HISTORY/changelog.gz for details about other bug fixes. * Bump Standards-Version to 3.9.4 (no changes necessary). Checksums-Sha1: 075aa988ddacd7aef699097b47baeb8d40e2553c 3321 postgresql-9.2_9.2.4-1.dsc 75b53c884cb10ed9404747b51677358f12082152 16395184 postgresql-9.2_9.2.4.orig.tar.bz2 841b466894de1390c71156dd355ed5f01eeafa1a 22725 postgresql-9.2_9.2.4-1.debian.tar.gz 1014d2159bd42310cbc90096efab04d8a2fe496a 598370 libpq-dev_9.2.4-1_amd64.deb 80fae17cd0e75cff76e77053ac78b8e2f16aac07 536444 libpq5_9.2.4-1_amd64.deb 410f18de80d86b6698a703fa27fee24d2818a37e 495530 libecpg6_9.2.4-1_amd64.deb 47e29a98e488ddcb63853764b0d1996a063dbe6f 627628 libecpg-dev_9.2.4-1_amd64.deb 7c1362ce4562fcda9e008b1351646f4046599290 433228 libecpg-compat3_9.2.4-1_amd64.deb d89a5be23422dc0f54a6236432acca1a1bb81886 454628 libpgtypes3_9.2.4-1_amd64.deb f698ebd45cbafe151543abe1518e47e8d36dd883 3770544 postgresql-9.2_9.2.4-1_amd64.deb f9be511d9312af2c5505130e05876fb7dd9fe0d9 7530160 postgresql-9.2-dbg_9.2.4-1_amd64.deb c8fba6266868032163d5e3a55698c8708485360e 1395908 postgresql-client-9.2_9.2.4-1_amd64.deb f4e2faf188b67a6a3fc528a5bba9ebbe4c7a7e2f 990986 postgresql-server-dev-9.2_9.2.4-1_amd64.deb 2a196f0bbbc009d2ef7d358251fc49936ae11809 2093138 postgresql-doc-9.2_9.2.4-1_all.deb 7c3d21d5ac50a3f0caada07c973e19c9bf104f00 802142 postgresql-contrib-9.2_9.2.4-1_amd64.deb 1aa395402dfdbdb8ad21db27ff51907a849ae145 473460 postgresql-plperl-9.2_9.2.4-1_amd64.deb 0572b70cab67c58add0933b02ce767c3f5d642f3 462102 postgresql-plpython-9.2_9.2.4-1_amd64.deb 4453a79f75bddf24a2742230530459f37abcd94d 461760 postgresql-plpython3-9.2_9.2.4-1_amd64.deb dd105ee8eb7b424efc8ba385180be7af0adef9f8 447826 postgresql-pltcl-9.2_9.2.4-1_amd64.deb Checksums-Sha256: c48b5ee900364828243ef67366d917f46c07f76f01d4c7796205c1c167f44f7f 3321 postgresql-9.2_9.2.4-1.dsc d97dd918a88a4449225998f46aafa85216a3f89163a3411830d6890507ffae93 16395184 postgresql-9.2_9.2.4.orig.tar.bz2 91b419b4f057b4bc3206ab21b4af39f1803fa9f163402144c4ba0c166f89a205 22725 postgresql-9.2_9.2.4-1.debian.tar.gz d554bb05093af6f4fcaae7b3d9cf42021bd514757eb70c2ee31eeadfa0cd5c21 598370 libpq-dev_9.2.4-1_amd64.deb e747858ec5bbfc3bc1d7acefdb7c8cf4dac67af4db2fc8c7f4d63a510fa9cafe 536444 libpq5_9.2.4-1_amd64.deb f3ea94daa5a93f1ba3d2c4201d299ee4dc4f9dd8ad8836772c1fb1218a8a56cc 495530 libecpg6_9.2.4-1_amd64.deb 9dcbae46e0c0efa53f11e790e18b69396cd70c07008ed4c8a55ab641d428da38 627628 libecpg-dev_9.2.4-1_amd64.deb 0255cb9c260b644ae7489c85cc5a2fe98e7f93b9c22a0223d950c80a4f49f37c 433228 libecpg-compat3_9.2.4-1_amd64.deb 78b44ad3954fdab5768ecf596295c30bb475df3508781777be4e3be8516551ac 454628 libpgtypes3_9.2.4-1_amd64.deb 0287a9ea6e533ce1867e8928a7435cbacf0aa8d2cdd4b3fe0f52b7ea1c6b8160 3770544 postgresql-9.2_9.2.4-1_amd64.deb 01d6d5c591b191e4217ea0a085eb741397c1db6887ee936c30cb06ea3ac75d4a 7530160 postgresql-9.2-dbg_9.2.4-1_amd64.deb cd3a5a667e9ec5bd7d5fd3bcd008125e223e16fde7d457c6c5c1793f22548a82 1395908 postgresql-client-9.2_9.2.4-1_amd64.deb a0b8e2cc9c3c4f3958cfd5c58424eee6efed3b71c8ad5079b1dcbeb341c69f68 990986 postgresql-server-dev-9.2_9.2.4-1_amd64.deb 16c735e0e737474815b661f9975d3fefc4ba6c5768dad46f1bfca6734996a985 2093138 postgresql-doc-9.2_9.2.4-1_all.deb 8c0183be055139d1429440a1fcbe61824dfbceb10019cd61b7dd0a9521ca3446 802142 postgresql-contrib-9.2_9.2.4-1_amd64.deb f2a683bb2b11185ced5f08a2c587237b7c94c6a765715951f3d50fe4d58ff1e9 473460 postgresql-plperl-9.2_9.2.4-1_amd64.deb 4020165dde02f26343f5d260ea09697fca6aa5115ceb85b74871635237f8e8f4 462102 postgresql-plpython-9.2_9.2.4-1_amd64.deb ec6cd90e33e546cd12092677cd4589ff3a0eff5f2eab861584e55fe630b8f6a9 461760 postgresql-plpython3-9.2_9.2.4-1_amd64.deb a355ca2213abbe9bc60f5af88568f57c4eeb8fe6497fee82fda571a5e53fc0ec 447826 postgresql-pltcl-9.2_9.2.4-1_amd64.deb Files: fa46709568c3d9411224bab5bec06221 3321 database optional postgresql-9.2_9.2.4-1.dsc 6ee5bb53b97da7c6ad9cb0825d3300dd 16395184 database optional postgresql-9.2_9.2.4.orig.tar.bz2 22229c61494076e98ab374674d148630 22725 database optional postgresql-9.2_9.2.4-1.debian.tar.gz 712d644c8594b918217cb396bf1458e6 598370 libdevel optional libpq-dev_9.2.4-1_amd64.deb 147980865847b6bc87344a8637abb217 536444 libs optional libpq5_9.2.4-1_amd64.deb 98772cd15325b394d8e458e87b31e70b 495530 libs optional libecpg6_9.2.4-1_amd64.deb 387dd91ce8e2c733383a0f3134000cc1 627628 libdevel optional libecpg-dev_9.2.4-1_amd64.deb a70a12eb24310e4ca18daba2235c6b07 433228 libs optional libecpg-compat3_9.2.4-1_amd64.deb b463c2b1e917373a8ea77785ca018188 454628 libs optional libpgtypes3_9.2.4-1_amd64.deb 2f1700276b6b0e0ab7f8cf7b740a10ec 3770544 database optional postgresql-9.2_9.2.4-1_amd64.deb cc864b5af93ad26a763bfaf8f046c1db 7530160 debug extra postgresql-9.2-dbg_9.2.4-1_amd64.deb 18736e9b4f953d57a2476afe516227fb 1395908 database optional postgresql-client-9.2_9.2.4-1_amd64.deb 460d30c9e0735eff1740125af275f771 990986 libdevel optional postgresql-server-dev-9.2_9.2.4-1_amd64.deb 2d83e988468c1844e543e809ac46e2f8 2093138 doc optional postgresql-doc-9.2_9.2.4-1_all.deb 43a8dc0e4d16434b6a6230a4a9d67441 802142 database optional postgresql-contrib-9.2_9.2.4-1_amd64.deb 30b24d532558e73b9c3cb3a84b5e638a 473460 database optional postgresql-plperl-9.2_9.2.4-1_amd64.deb d457fa0fa3bd56d419a8a6eeaf00ba08 462102 database optional postgresql-plpython-9.2_9.2.4-1_amd64.deb e7a91d2d03cb0d9e1078c51fc070493e 461760 database optional postgresql-plpython3-9.2_9.2.4-1_amd64.deb 5909c0208b6932838aac39e328324ee2 447826 database optional postgresql-pltcl-9.2_9.2.4-1_amd64.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJRWpbCAAoJEPmIJawmtHufzVoP/2zT8kiNYY0MCQoDtmQ583SZ 6lZl5Rja0159sFkLWA+B8P8B1RLAhzYYR0WQ0rJaB9zr9ZxCQsRkNp0vsS4nwhtu Oi1waAjquUy8HAHyvewL1ubrt4091Kx4Jiq2s23aVlqNMfyvf3fnixmOb0nzxEk6 5gcyHUl12/O2N31/K6u+mwrcRwegzUg0W6J3UXOEv4hiudpFcPFymEz9dnPNPmYk RlAUoVSXEU+nT0PTiSTyrAy5trqyqSWeIlCFqaCx5ilM1zFk6gownASzJxLp7ObM DdUQ/hJ6Fnv9XVc2ENsZWkAfH8ZuU/vRSiGvi8OKNsISJZ/VDrbDeFJM1NDYLamO 7yqEX8VSkCXrVgR7WxXaYNHzGAjf+Eacy58c6QyUAykLuUoCvcr2zNLPagoPuCuK FiTI16QelWwLDt3nbTj5Dwa+HEegbdcDNjmf3NVFZF1xAY1mq+bopUWol166Kmev 3XTvUL6ZiJaz9GbqHgSUkQLwxnB9YuEX4eTXOlTCEFPl20kNNsVytz7LRcLhDa8m deXv1mYDb3qP72H/d7U4StgQ5tCl0yJNJ2Z+PAsis7kWlSiJzY/Pf43iJwotQHrg GDfqH4o9Gc5bz8qvNa7U/iGjGwIrkY4KmouGGzJRVJHrQ6ORgUP1DN9z1EVW1asH O/jdNIg9XGyg3+xIN8HT =9PRx -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-devel-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1unkj2-0003gb...@franck.debian.org