[Desktop-packages] [Bug 1116336] Re: New upstream microreleases 9.1.8, 8.4.16, 8.3.23

Tue, 12 Feb 2013 09:41:04 -0800 

This bug was fixed in the package postgresql-8.4 - 8.4.16-0ubuntu12.04

---------------
postgresql-8.4 (8.4.16-0ubuntu12.04) precise-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server.  In principle an attacker might be able to use it to examine the
      contents of server memory.  Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.
 -- Martin Pitt <martin.p...@ubuntu.com>   Tue, 05 Feb 2013 16:27:57 +0100

** Changed in: postgresql-8.4 (Ubuntu Precise)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to postgresql-9.1 in Ubuntu.
https://bugs.launchpad.net/bugs/1116336

Title:
  New upstream microreleases 9.1.8, 8.4.16, 8.3.23

Status in “postgresql-8.3” package in Ubuntu:
  Invalid
Status in “postgresql-8.4” package in Ubuntu:
  Invalid
Status in “postgresql-9.1” package in Ubuntu:
  Fix Released
Status in “postgresql-8.4” source package in Lucid:
  Fix Released
Status in “postgresql-9.1” source package in Oneiric:
  Fix Released
Status in “postgresql-8.4” source package in Precise:
  Fix Released
Status in “postgresql-9.1” source package in Precise:
  Fix Released
Status in “postgresql-9.1” source package in Quantal:
  Fix Released
Status in “postgresql-9.1” source package in Raring:
  Fix Released
Status in “postgresql-8.3” source package in Hardy:
  Fix Released

Bug description:
  PostgreSQL will announce new upstream microreleases in two days which
  include one security issue. I'll update the description with the
  official annoucement once it goes public.

  The updates are on lillypilly.canonical.com:~pitti/psql/ . I'll move
  them to a HTTP accessible location once upstream goes public.

  UPDATE 2013-02-07: It's out,
  http://www.postgresql.org/about/news/1446/.

  I moved the updates to
  http://people.canonical.com/~pitti/packages/psql/  , aka
  lillypilly.canonical.com:~pitti/public_html/packages/psql/.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-8.3/+bug/1116336/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to