[Pkg-postgresql-public] postgresql-common_181+deb9u1_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 07 Nov 2017 20:54:52 +0100 Source: postgresql-common Binary: postgresql-common postgresql-client-common postgresql-server-dev-all postgresql postgresql-client postgresql-doc postgresql-contrib postgresql-all Architecture: source Version: 181+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian PostgreSQL Maintainers Changed-By: Christoph Berg Description: postgresql - object-relational SQL database (supported version) postgresql-all - metapackage depending on all PostgreSQL server packages postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-common - manager for multiple PostgreSQL client versions postgresql-common - PostgreSQL database-cluster manager postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-doc - documentation for the PostgreSQL database management system postgresql-server-dev-all - extension build tool for multiple PostgreSQL versions Changes: postgresql-common (181+deb9u1) stretch-security; urgency=medium . * pg_ctlcluster, pg_createcluster, pg_upgradecluster: Use lchown instead of chown to mitigate privilege escalation via symlinks. (CVE-2017-8806. Related to CVE-2017-12172 in PostgreSQL; extends our earlier fix for CVE-2016-1255.) Checksums-Sha1: b1662324b2d41bdeb7d9088ed06b9d8f508b0bf4 2372 postgresql-common_181+deb9u1.dsc a9cfb9390522f084c9cfa91e1d18a28dac12b6f7 201804 postgresql-common_181+deb9u1.tar.xz c6f331314f3cdb97d7e506b029c1907a91aa3414 5969 postgresql-common_181+deb9u1_source.buildinfo Checksums-Sha256: c21965f1adabf78feb1890cd3c342091c78f6f83e4238e03cdca201018481e28 2372 postgresql-common_181+deb9u1.dsc 4852c182eb397e075b49e3aa65b07c3fb21a23788bccce4d72bc7332ca5fc157 201804 postgresql-common_181+deb9u1.tar.xz 620c68e05634d29d96125bdb3667770cf721da5479cb9d928348c1b0fd7a05ae 5969 postgresql-common_181+deb9u1_source.buildinfo Files: 1a1a330ac911e3e18040c0c382b46b40 2372 database optional postgresql-common_181+deb9u1.dsc 86e31ddcce029108c339cfce9b9beb11 201804 database optional postgresql-common_181+deb9u1.tar.xz 7b3132419ecd82c09ceb577a30cad208 5969 database optional postgresql-common_181+deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAloDHH4ACgkQTFprqxLS p66XCg//RCBqieX+5en5WkNG/UnRQNjDfRrw87KcIFvtALXZ68780dzaKVYaleVN wsVrxupNEmD0c85UBv4f2Cs4fKeQtpJdHrRQVnXE1SJxp+OZANyTaehBG83j/KKy NOuzPor20B7f78O37aIOztqCFta9Yw7JK9uPVCbz6fFqDm9BHzovRWZPLj3U1Ty2 fM3KoUI6ouv+uwnToNuADCPWT3GMYhljZeD3A692PBwqUH9VLnqtWojpeQKQn5mF VeqH61+ZRt1OAPNLxRXAdI3lLkoHPUDBOrTQkRQtvlvhFb2DQ2cqO3jmBfmPtYAl VdSCxtENqzVVNIA5EV/p1n9ZcQw6qRlLLMyMLu2PWbIXFMxgsVBf025PKRs+XhuQ YXGk63okcfvoRBfhuENrk9SSjbhTpDzRohSrAacNNI0rtsst3LeydLDsPbhbjVk9 Ock0beCGEL1kMa+183IWvo+y/AbFlVYaOZGvHz4oetjnL5hXsK1WOQjtn2PBgctB Xy/MLj1tmMO/q+7qAQ7klI2gdt3EFQ6pJUiz0Q5+mwklSarmnu6NkB6mv8t+RveM Q0F1o6avrFNcOI0oQpIW1EQF9JfKXUX81M6yy8LFWcCBVeVrjUeyF0XjtG7CL6Ds 1WbLU5ETRQFXj+WQlz6D3EYRduNCdZmGBtVMprAirLI3PXo4+PA= =0wDK -END PGP SIGNATURE- Thank you for your contribution to Debian. ___ Pkg-postgresql-public mailing list Pkg-postgresql-public@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
[Pkg-postgresql-public] postgresql-9.6_9.6.6-0+deb9u1_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 08 Nov 2017 10:40:59 +0100
Source: postgresql-9.6
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3
postgresql-9.6 postgresql-9.6-dbg postgresql-client-9.6
postgresql-server-dev-9.6 postgresql-doc-9.6 postgresql-contrib-9.6
postgresql-plperl-9.6 postgresql-plpython-9.6 postgresql-plpython3-9.6
postgresql-pltcl-9.6
Architecture: source
Version: 9.6.6-0+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers
Changed-By: Christoph Berg
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 9.6
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql-9.6 - object-relational SQL database, version 9.6 server
postgresql-9.6-dbg - debug symbols for postgresql-9.6
postgresql-client-9.6 - front-end programs for PostgreSQL 9.6
postgresql-contrib-9.6 - additional facilities for PostgreSQL
postgresql-doc-9.6 - documentation for the PostgreSQL database management
system
postgresql-plperl-9.6 - PL/Perl procedural language for PostgreSQL 9.6
postgresql-plpython-9.6 - PL/Python procedural language for PostgreSQL 9.6
postgresql-plpython3-9.6 - PL/Python 3 procedural language for PostgreSQL 9.6
postgresql-pltcl-9.6 - PL/Tcl procedural language for PostgreSQL 9.6
postgresql-server-dev-9.6 - development files for PostgreSQL 9.6 server-side
programming
Changes:
postgresql-9.6 (9.6.6-0+deb9u1) stretch-security; urgency=medium
.
* New upstream version.
.
+ Ensure that INSERT ... ON CONFLICT DO UPDATE checks table permissions
and RLS policies in all cases (Dean Rasheed)
.
The update path of INSERT ... ON CONFLICT DO UPDATE requires SELECT
permission on the columns of the arbiter index, but it failed to check
for that in the case of an arbiter specified by constraint name. In
addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT policies (regardless of
how the arbiter index was specified). (CVE-2017-15099)
.
+ Fix crash due to rowtype mismatch in json{b}_populate_recordset()
(Michael Paquier, Tom Lane)
.
These functions used the result rowtype specified in the FROM ... AS
clause without checking that it matched the actual rowtype of the
supplied tuple value. If it didn't, that would usually result in a
crash, though disclosure of server memory contents seems possible as
well. (CVE-2017-15098)
.
+ Fix BRIN index summarization to handle concurrent table extension
correctly (Álvaro Herrera)
.
Previously, a race condition allowed some table rows to be omitted from
the index. It may be necessary to reindex existing BRIN indexes to
recover from past occurrences of this problem.
Checksums-Sha1:
dc443ecff8da540c9933815568de1cc3e8fe19bc 3694 postgresql-9.6_9.6.6-0+deb9u1.dsc
bd911c2a2ee25086cfebe03f3483f82c38210cdb 19605724
postgresql-9.6_9.6.6.orig.tar.bz2
9cd1d83923be23136310183bb3b27f94f333c7e1 21644
postgresql-9.6_9.6.6-0+deb9u1.debian.tar.xz
2e51375f681139596c1b9253db01638e60fc3f49 8555
postgresql-9.6_9.6.6-0+deb9u1_source.buildinfo
Checksums-Sha256:
1aae9e0c6960f7466b883211fe165612545d14166a6ca80ebfef5fe8b2fa54cf 3694
postgresql-9.6_9.6.6-0+deb9u1.dsc
399cdffcb872f785ba67e25d275463d74521566318cfef8fe219050d063c8154 19605724
postgresql-9.6_9.6.6.orig.tar.bz2
e20cde135f7a74f7efa0785e8405c063d0fc1f2091f8aee933f81ce277938dbc 21644
postgresql-9.6_9.6.6-0+deb9u1.debian.tar.xz
3917d6daeac2da931c63e4b348fbb56e21448b16aa2c20c08e2043ce0d11536d 8555
postgresql-9.6_9.6.6-0+deb9u1_source.buildinfo
Files:
86fc471f7fa47c6c58d4507c5b92f5c9 3694 database optional
postgresql-9.6_9.6.6-0+deb9u1.dsc
7c65858172597de7937efd88f208969b 19605724 database optional
postgresql-9.6_9.6.6.orig.tar.bz2
dc43771b58faa1a08c75d9e4a837dbf6 21644 database optional
postgresql-9.6_9.6.6-0+deb9u1.debian.tar.xz
b0e34d85abcf788dcbb66dae56f182e9 8555 database optional
postgresql-9.6_9.6.6-0+deb9u1_source.buildinfo
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAloDG4UACgkQTFprqxLS
p66wxw/8DoRvpise2P5tSSXIt5J+pKNIGgHy34g8fWNV6n0elxdVl4Y8qPl+3lIB
Od3OXw8dwTIyAHIgnRgXSE4CZSUv2kOxeoKtxRJZQVuAWfQrjg/md4gOn9K3KpEw
Mahl+yk5ZVNfDodLGktLaGPmGgj7gH1PMloBQ2cQoA6uIHy6xIRkMx3mg6/1peV+
J7qXM0fkFaIhAXh3HtZAhJ38qJkNojDZqiGkm14O7DunGCW3etlagiCkT+9Gwjl/
1NYG06Avc20vKjManpVNedz6n5fOLwMr2Z95riu0/+YH49Pyay5qUlLo+L3k5C3N
KR5LNhh/yNtAs2YRAANjG5j/A+W+Dw3W6C5gRY9dLcQbqvIRqI/ysPGf1UfmJVLO
QZABdZSygbcscpYIHxCmkgVlup4i7vhTweT3QotX0qnkeNdXLUJbRRyX5oxqsQv5
RHhrAXgiQLRU+tZtvtd8cJYfDOd6RZZEKBSXIQ/tk7KWZdHYuM6yvnQjhL9DL/W/
gveAJkvWrMvkF
[Pkg-postgresql-public] Processed: Re: Bug#881498: postgresql-mysql-fdw: autopkgtests fail with postgresql-10
Processing commands for cont...@bugs.debian.org: > forwarded 881498 https://github.com/EnterpriseDB/mysql_fdw/issues/147 Bug #881498 [src:postgresql-mysql-fdw] postgresql-mysql-fdw: autopkgtests fail with postgresql-10 Ignoring request to change the forwarded-to-address of bug#881498 to the same value > End of message, stopping processing here. Please contact me if you need assistance. -- 881498: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881498 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-postgresql-public mailing list Pkg-postgresql-public@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
[Pkg-postgresql-public] Bug#881498: Bug#881498: postgresql-mysql-fdw: autopkgtests fail with postgresql-10
Re: Jeremy Bicha 2017-11-12 > The autopkgtests for postgresql-mysql-fdw started failing once > postgresql-10 was used by default. > > https://ci.debian.net/packages/p/postgresql-mysql-fdw/unstable/amd64/ > http://autopkgtest.ubuntu.com/packages/p/postgresql-mysql-fdw I've reported that upstream: https://github.com/EnterpriseDB/mysql_fdw/issues/147 Christoph ___ Pkg-postgresql-public mailing list Pkg-postgresql-public@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
[Pkg-postgresql-public] Processed: limit source to postgresql-common, tagging 881501
Processing commands for cont...@bugs.debian.org: > limit source postgresql-common Limiting to bugs with field 'source' containing at least one of 'postgresql-common' Limit currently set to 'source':'postgresql-common' > tags 881501 + pending Bug #881501 [src:postgresql-common] postgresql-common: Please recognize Ubuntu 18.04 as a supported version Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 881501: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881501 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-postgresql-public mailing list Pkg-postgresql-public@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
[Pkg-postgresql-public] Processed: bug 881498 is forwarded to https://github.com/EnterpriseDB/mysql_fdw/issues/147
Processing commands for cont...@bugs.debian.org: > forwarded 881498 https://github.com/EnterpriseDB/mysql_fdw/issues/147 Bug #881498 [src:postgresql-mysql-fdw] postgresql-mysql-fdw: autopkgtests fail with postgresql-10 Set Bug forwarded-to-address to 'https://github.com/EnterpriseDB/mysql_fdw/issues/147'. > thanks Stopping processing here. Please contact me if you need assistance. -- 881498: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881498 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-postgresql-public mailing list Pkg-postgresql-public@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
[Pkg-postgresql-public] Bug#881501: postgresql-common: Please recognize Ubuntu 18.04 as a supported version
Source: postgresql-common Version: 188 Severity: important slony1-2's autopkgtests are failing on Ubuntu 18.04 "bionic" because 18.04 is not listed as in debian/supported-versions. Ubuntu developers currently plan to target postgresql-10 for 18.04 LTS. http://autopkgtest.ubuntu.com/packages/s/slony1-2/bionic/amd64 Thanks, Jeremy Bicha ___ Pkg-postgresql-public mailing list Pkg-postgresql-public@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
[Pkg-postgresql-public] Bug#881498: postgresql-mysql-fdw: autopkgtests fail with postgresql-10
Source: postgresql-mysql-fdw Version: 2.3.0-1 Severity: important The autopkgtests for postgresql-mysql-fdw started failing once postgresql-10 was used by default. https://ci.debian.net/packages/p/postgresql-mysql-fdw/unstable/amd64/ http://autopkgtest.ubuntu.com/packages/p/postgresql-mysql-fdw Ubuntu uses autopkgtests before allowing packages to migrate from -proposed so this is one of the blockers for Ubuntu's postgresql-10 transition. Thanks, Jeremy Bicha ___ Pkg-postgresql-public mailing list Pkg-postgresql-public@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
