postgresql-8.4 (8.4.22-0ubuntu0.10.04) lucid-proposed; urgency=medium
* New upstream bug fix release: (LP: #1348176)
- Various data integrity and other bug fixes.
- Secure Unix-domain sockets of temporary postmasters started during make
check.
Any local user able to access the socket file could connect as the
server's bootstrap superuser, then proceed to execute arbitrary code as
the operating-system user running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by placing the
server's socket in a temporary, mode 0700 subdirectory of /tmp.
- See release notes for details:
http://www.postgresql.org/docs/current/static/release-8-4-22.html
* Drop pg_regress patch to run tests with socket in /tmp, obsolete with
above upstream changes and not applicable any more.
* Add debian/postgresql-8.4.NEWS to point out that upstream support ends
now.
Date: Thu, 24 Jul 2014 18:17:34 +0200
Changed-By: Martin Pitt <martin.p...@ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/postgresql-8.4/8.4.22-0ubuntu0.10.04
Format: 1.8
Date: Thu, 24 Jul 2014 18:17:34 +0200
Source: postgresql-8.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3
postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4
postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4
postgresql-plpython-8.4 postgresql-pltcl-8.4 postgresql postgresql-client
postgresql-doc postgresql-contrib
Architecture: source
Version: 8.4.22-0ubuntu0.10.04
Distribution: lucid-proposed
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Martin Pitt <martin.p...@ubuntu.com>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 8.4
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql - object-relational SQL database (supported version)
postgresql-8.4 - object-relational SQL database, version 8.4 server
postgresql-client - front-end programs for PostgreSQL (supported version)
postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
postgresql-contrib - additional facilities for PostgreSQL (supported version)
postgresql-contrib-8.4 - additional facilities for PostgreSQL
postgresql-doc - documentation for the PostgreSQL database management system
postgresql-doc-8.4 - documentation for the PostgreSQL database management
system
postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side
programming
Launchpad-Bugs-Fixed: 1348176
Changes:
postgresql-8.4 (8.4.22-0ubuntu0.10.04) lucid-proposed; urgency=medium
.
* New upstream bug fix release: (LP: #1348176)
- Various data integrity and other bug fixes.
- Secure Unix-domain sockets of temporary postmasters started during make
check.
Any local user able to access the socket file could connect as the
server's bootstrap superuser, then proceed to execute arbitrary code as
the operating-system user running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by placing the
server's socket in a temporary, mode 0700 subdirectory of /tmp.
- See release notes for details:
http://www.postgresql.org/docs/current/static/release-8-4-22.html
* Drop pg_regress patch to run tests with socket in /tmp, obsolete with
above upstream changes and not applicable any more.
* Add debian/postgresql-8.4.NEWS to point out that upstream support ends
now.
Checksums-Sha1:
008ca7442a2d5b31bd6dc15f617feb0af6732c4c 3477
postgresql-8.4_8.4.22-0ubuntu0.10.04.dsc
5e0aefc6d056a914bf4acc18e3a518d00d27a240 18332542
postgresql-8.4_8.4.22.orig.tar.gz
d22cca8e0dedc46e627b0af2b7cc108fc803ccd9 55606
postgresql-8.4_8.4.22-0ubuntu0.10.04.diff.gz
Checksums-Sha256:
ebab25be28ae1ad6e8a86e6c9d0a24dd42b62d775fed76044a57ee85cc0681cf 3477
postgresql-8.4_8.4.22-0ubuntu0.10.04.dsc
dda6dee53751ef6803f8a38e11d9621b8b02a9b0d7cbb2f4cff27d25d92b0a05 18332542
postgresql-8.4_8.4.22.orig.tar.gz
fb89fdfdf1db62522f5d0cddb6ad085268bbc71915d9017c4b3ba2a4400ef89c 55606
postgresql-8.4_8.4.22-0ubuntu0.10.04.diff.gz
Files:
9fd487e92da0d8c0c5b418792b5088ff 3477 database optional
postgresql-8.4_8.4.22-0ubuntu0.10.04.dsc
26960b858a1b76e88a1c3a9dd495fe80 18332542 database optional
postgresql-8.4_8.4.22.orig.tar.gz
48cdecaa4264a283980e538e7b77717f 55606 database optional
postgresql-8.4_8.4.22-0ubuntu0.10.04.diff.gz
Original-Maintainer: Martin Pitt <mp...@debian.org>
--
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lucid-changes
