Mapping stable-security to proposed-updates. Accepted:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 10 Aug 2017 13:58:56 +0200 Source: postgresql-9.6 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.6 postgresql-9.6-dbg postgresql-client-9.6 postgresql-server-dev-9.6 postgresql-doc-9.6 postgresql-contrib-9.6 postgresql-plperl-9.6 postgresql-plpython-9.6 postgresql-plpython3-9.6 postgresql-pltcl-9.6 Architecture: source Version: 9.6.4-0+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org> Changed-By: Christoph Berg <christoph.b...@credativ.de> Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 9.6 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-9.6 - object-relational SQL database, version 9.6 server postgresql-9.6-dbg - debug symbols for postgresql-9.6 postgresql-client-9.6 - front-end programs for PostgreSQL 9.6 postgresql-contrib-9.6 - additional facilities for PostgreSQL postgresql-doc-9.6 - documentation for the PostgreSQL database management system postgresql-plperl-9.6 - PL/Perl procedural language for PostgreSQL 9.6 postgresql-plpython-9.6 - PL/Python procedural language for PostgreSQL 9.6 postgresql-plpython3-9.6 - PL/Python 3 procedural language for PostgreSQL 9.6 postgresql-pltcl-9.6 - PL/Tcl procedural language for PostgreSQL 9.6 postgresql-server-dev-9.6 - development files for PostgreSQL 9.6 server-side programming Changes: postgresql-9.6 (9.6.4-0+deb9u1) stretch-security; urgency=high . * New upstream security release. . + Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. See the release notes for instructions for applying the fix to existing database clusters. (CVE-2017-7547; extends fix for CVE-2017-7484) + Disallow empty passwords in all password-based authentication methods. (CVE-2017-7546) + Make lo_put() check for UPDATE privilege on the target large object. (CVE-2017-7548) . * Remove debian/patches/s390x-fpic, implemented upstream. Checksums-Sha1: 9676b755a08852ffb9b8fd867a9c20b8828396d6 3694 postgresql-9.6_9.6.4-0+deb9u1.dsc f10e2e5c09e041616e25bd41a9ea91be98534d9d 19566875 postgresql-9.6_9.6.4.orig.tar.bz2 76b6bddad078354a29833e83769fcc292cf4ebe6 21072 postgresql-9.6_9.6.4-0+deb9u1.debian.tar.xz cf518738431b3a01bbcca81c74bbddf8a87acf6e 8369 postgresql-9.6_9.6.4-0+deb9u1_source.buildinfo Checksums-Sha256: baf59e5e050f2ae3108226fcd5937e323da34828231fec1eb3d8a58c99d724c0 3694 postgresql-9.6_9.6.4-0+deb9u1.dsc 2b3ab16d82e21cead54c08b95ce3ac480696944a68603b6c11b3205b7376ce13 19566875 postgresql-9.6_9.6.4.orig.tar.bz2 d2aee3d5cf7d150c0117f0a0f5c3a65bcd47b9dd7a95387b6b9aad166f770f44 21072 postgresql-9.6_9.6.4-0+deb9u1.debian.tar.xz fa48d47f56cf585209176e5a9cd6597bec3e833d13fc8ad100a8680f635e58c4 8369 postgresql-9.6_9.6.4-0+deb9u1_source.buildinfo Files: e86989df07a6b417c20cf8c15317d130 3694 database optional postgresql-9.6_9.6.4-0+deb9u1.dsc 67b01523a75271fd6cb2638eb2b55795 19566875 database optional postgresql-9.6_9.6.4.orig.tar.bz2 953acb9c7f987d50a5e9a7a731d05a3f 21072 database optional postgresql-9.6_9.6.4-0+deb9u1.debian.tar.xz ed75fa980c0649d59fa99e6496d726eb 8369 database optional postgresql-9.6_9.6.4-0+deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAlmMUyoACgkQTFprqxLS p65otA/+Pf2N4WVaIZlofK0NYT7BLqaSdu1r28DiEtah9ETEsDxM6NtKppVZddHF 6v65ew9fG3dnX7ghY0ZwtripzUbG9d/dVRkB6QC/h7mYZ9V4lqZD+rQe5hSkliPr 2UfHm9UO5qmR4DGwpWB8SxGdB2ROY0Xu3jhsmdS6WHh3o6DUoQhGJPGeNIUs08Bq zQuFOIMi92g3Nuz6OCNNTv80qzDq4lewmq/ObEiPxOlnBVwyIlM5HhzLU0HQLtnA x9IfjwvKORXRPWHZuV+uc0T44HIsYusvFXnEXw0JWoXDtb+fJoaE8qrGjkMk3VoW pxgMIBcDw08JipSeauHyhfg2yw5PsrklZL7e4usiSP11KGzS77jlFCrlavtyBgTc XahBrxo5gqQjZpvA98Q9lDY6TTHQvyYjnJCTx5qxADxoasgK1CYfsWZ/lbTxodfK TMuGYx34Pwm3gBoWO78cZZR83kBS3QgGyvH+ApD1erB3hWQKH0wiIrw4Lkx6hudg y32gqs0Hf1U0llg2Me3BC5g/yWqlB6RCP8sZJn+2zDDS8NiSppCCS36DyIPiO8ay +SxGWBgCGFbQV8BJb/4wsqyKQ+iM6zJ2h9gOpd+RjiKX0lwxk+b8kMGlfFqd4JnJ t6AA2zbSLKKe3v7H+Sy/t6F+lsQD1zp1BrjQ7KY7o/TxmjxWZ30= =RW8i -----END PGP SIGNATURE----- Thank you for your contribution to Debian. _______________________________________________ Pkg-postgresql-public mailing list Pkg-postgresql-public@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public