-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 02 Apr 2013 10:26:14 +0200
Source: postgresql-9.1
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1 postgresql-server-dev-9.1 postgresql-doc-9.1 postgresql-contrib-9.1 postgresql-plperl-9.1 postgresql-plpython-9.1 postgresql-plpython3-9.1 postgresql-pltcl-9.1
Architecture: source amd64 all
Version: 9.1.9-1
Distribution: unstable
Urgency: high
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-pub...@lists.alioth.debian.org>
Changed-By: Martin Pitt <mp...@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.1
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-9.1 - object-relational SQL database, version 9.1 server
 postgresql-9.1-dbg - debug symbols for postgresql-9.1
 postgresql-client-9.1 - front-end programs for PostgreSQL 9.1
 postgresql-contrib-9.1 - additional facilities for PostgreSQL
 postgresql-doc-9.1 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
 postgresql-plpython-9.1 - PL/Python procedural language for PostgreSQL 9.1
 postgresql-plpython3-9.1 - PL/Python 3 procedural language for PostgreSQL 9.1
 postgresql-pltcl-9.1 - PL/Tcl procedural language for PostgreSQL 9.1
 postgresql-server-dev-9.1 - development files for PostgreSQL 9.1 server-side programming
Closes: 704479
Changes:
 postgresql-9.1 (9.1.9-1) unstable; urgency=high
 .
   * Urgency high because of critical remote data destruction vulnerability.
   * New upstream security/bug fix release:
     - Fix insecure parsing of server command-line switches.
       A connection request containing a database name that begins with "-"
       could be crafted to damage or destroy files within the server's data
       directory, even if the request is eventually rejected. [CVE-2013-1899]
       (Closes: #704479)
     - Reset OpenSSL randomness state in each postmaster child process.
       This avoids a scenario wherein random numbers generated by
       "contrib/pgcrypto" functions might be relatively easy for another
       database user to guess. The risk is only significant when the
       postmaster is configured with ssl = on but most connections don't use
       SSL encryption. [CVE-2013-1900]
     - Make REPLICATION privilege checks test current user not authenticated
       user.
       An unprivileged database user could exploit this mistake to call
       pg_start_backup() or pg_stop_backup(), thus possibly interfering with
       creation of routine backups. [CVE-2013-1901]
     - Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
       not appropriate to do so.
       The core geometric types perform comparisons using "fuzzy" equality,
       but gist_box_same must do exact comparisons, else GiST indexes using
       it might become inconsistent. After installing this update, users
       should "REINDEX" any GiST indexes on box, polygon, circle, or point
       columns, since all of these use gist_box_same.
     - Fix erroneous range-union and penalty logic in GiST indexes that use
       "contrib/btree_gist" for variable-width data types, that is text,
       bytea, bit, and numeric columns.
       These errors could result in inconsistent indexes in which some keys
       that are present would not be found by searches, and also in useless
       index bloat. Users are advised to "REINDEX" such indexes after
       installing this update.
     - Fix bugs in GiST page splitting code for multi-column indexes.
       These errors could result in inconsistent indexes in which some keys
       that are present would not be found by searches, and also in indexes
       that are unnecessarily inefficient to search. Users are advised to
       "REINDEX" multi-column GiST indexes after installing this update.
     - See HISTORY/changelog.gz for details about the other bug fixes.
   * Bump Standards-Version to 3.9.4 (no changes necessary).
Archive: http://lists.debian.org/e1unkxp-0001it...@franck.debian.org