[SECURITY] [DLA 2751-1] postgresql-9.6 security update

2021-08-31 Thread Christoph Berg
Debian LTS Advisory DLA-2751-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Christoph Berg August 31, 2021 https://wiki.debian.org/LTS

[DLA-0019-1] postgresql-8.4 update

2014-07-29 Thread Christoph Berg
Debian Security Advisory DLA-0019-1 https://wiki.debian.org/LTS - Package: postgresql-8.4 Version: 8.4.22-0+deb6u1 CVE ID : CVE-2014-0067 New upstre

[SECURITY] [DLA-152-1] postgresql-8.4 update

2015-02-12 Thread Christoph Berg
Package: postgresql-8.4 Version: 8.4.22lts1-0+deb6u1 CVE ID : CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 Several vulnerabilities were discovered in PostgreSQL, a relational database server system. The 8.4 branch

[SECURITY] [DLA-252-1] postgresql-8.4 update

2015-06-23 Thread Christoph Berg
Package: postgresql-8.4 Version: 8.4.22lts4-0+deb6u1 Several bugs were discovered in PostgreSQL, a relational database server system. The 8.4 branch is EOLed upstream, but still present in Debian squeeze. This new LTS minor version contains the fixes that were applied upstream to

[SECURITY] [DLA-329-1] postgresql-8.4 update

2015-10-19 Thread Christoph Berg
Package: postgresql-8.4 Version: 8.4.22lts5-0+deb6u1 Several bugs were discovered in PostgreSQL, a relational database server system. The 8.4 branch is EOLed upstream, but still present in Debian squeeze. This new LTS minor version contains the fixes that were applied upstream to

[SECURITY] [DLA-432-1] postgresql-8.4 update

2016-02-25 Thread Christoph Berg
Package: postgresql-8.4 Version: 8.4.22lts6-0+deb6u1 Several bugs were discovered in PostgreSQL, a relational database server system. The 8.4 branch is EOLed upstream, but still present in Debian squeeze. This new LTS minor version contains fixes that were applied upstream to the

[SECURITY] [DLA 491-1] postgresql-9.1 bugfix update

2016-05-27 Thread Christoph Berg
Package: postgresql-9.1 Version: 9.1.22-0+deb7u1 The PostgreSQL project released a new version of the PostgreSQL 9.1 branch: * Clear the OpenSSL error queue before OpenSSL calls, rather than assuming it's clear already; and make sure we leave it clear afterwards (Peter Geoghegan,

[SECURITY] [DLA 592-1] postgresql-9.1 security update

2016-08-11 Thread Christoph Berg
Package: postgresql-9.1 Version: 9.1.23-0+deb7u1 Several vulnerabilities have been found in PostgreSQL, an SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a

[SECURITY] [DLA-709-1] postgresql-9.1 update

2016-11-16 Thread Christoph Berg
Package: postgresql-9.1 Version: 9.1.24-0+deb7u1 Several bugs were discovered in PostgreSQL, a relational database server system. This update corrects various stability issues. 9.1.24 marks the end of life of the PostgreSQL 9.1 branch. No further releases will be made by t

[SECURITY] [DLA-774-1] postgresql-common security update

2017-01-01 Thread Christoph Berg
Package: postgresql-common Version: 134wheezy5 A security vulnerability and a data loss bug have been found in postgresql-common, Debian's PostgreSQL database cluster management tools. CVE-2016-1255 Dawid Golunski discovered that a symlink in /var/log/postgresql/ could be

[SECURITY] [DLA-1169-1] postgresql-common security update

2017-11-11 Thread Christoph Berg
Package: postgresql-common Version: 134wheezy6 A security vulnerability has been found in postgresql-common, Debian's PostgreSQL database cluster management tools. CVE-2017-8806 It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands hand

[SECURITY] [DLA-1271-1] postgresql-9.1 security update

2018-02-07 Thread Christoph Berg
Package: postgresql-9.1 Version: 9.1.24lts2-0+deb7u2 CVE ID : CVE-2018-1053 A vulnerability has been found in the PostgreSQL database system: CVE-2018-1053 Tom Lane discovered that pg_upgrade, a tool used to upgrade PostgreSQL database clusters, creates temporar

[SECURITY] [DLA 1642-1] postgresql-9.4 new minor release

2019-01-25 Thread Christoph Berg
Package: postgresql-9.4 Version: 9.4.20-0+deb8u1 The PostgreSQL project has released a new minor release of the 9.4 branch. For Debian 8 "Jessie", this has been uploaded as version 9.4.20-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. Further information ab

[SECURITY] [DLA 1784-1] postgresql-9.4 new minor release

2019-05-13 Thread Christoph Berg
Package: postgresql-9.4 Version: 9.4.22-0+deb8u1 The PostgreSQL project has released a new minor release of the 9.4 branch. For Debian 8 "Jessie", this has been uploaded as version 9.4.22-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. Note that the end of l

[SECURITY] [DLA-1874-1] postgresql-9.4 security update

2019-08-09 Thread Christoph Berg
Package: postgresql-9.4 Version: 9.4.24-0+deb8u1 CVE ID : CVE-2019-10208 * CVE-2019-10208: `TYPE` in `pg_temp` executes arbitrary SQL during `SECURITY DEFINER` execution Versions Affected: 9.4 - 11 Given a suitable `SECURITY DEFINER` function, an attacker can execute arbi

[SECURITY] [DLA-1994-1] postgresql-common security update

2019-11-15 Thread Christoph Berg
Package: postgresql-common Version: 165+deb8u4 CVE ID : CVE-2019-3466 Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. For the oldoldstable di

[SECURITY] [DLA 2105-1] postgresql-9.4 security update

2020-02-17 Thread Christoph Berg
Package: postgresql-9.4 Version: 9.4.26-0+deb8u1 CVE ID : CVE-2020-1720 Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For Debian 8 "Jessie", this problem has been fixed in version 9.4