-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 09 Aug 2018 23:22:41 +0200
Source: postgresql-9.6
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.6 postgresql-9.6-dbg postgresql-client-9.6 postgresql-server-dev-9.6 postgresql-doc-9.6 postgresql-contrib-9.6 postgresql-plperl-9.6 postgresql-plpython-9.6 postgresql-plpython3-9.6 postgresql-pltcl-9.6
Architecture: source
Version: 9.6.10-0+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-pub...@lists.alioth.debian.org>
Changed-By: Christoph Berg <m...@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.6
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.6 - object-relational SQL database, version 9.6 server
 postgresql-9.6-dbg - debug symbols for postgresql-9.6
 postgresql-client-9.6 - front-end programs for PostgreSQL 9.6
 postgresql-contrib-9.6 - additional facilities for PostgreSQL
 postgresql-doc-9.6 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.6 - PL/Perl procedural language for PostgreSQL 9.6
 postgresql-plpython-9.6 - PL/Python procedural language for PostgreSQL 9.6
 postgresql-plpython3-9.6 - PL/Python 3 procedural language for PostgreSQL 9.6
 postgresql-pltcl-9.6 - PL/Tcl procedural language for PostgreSQL 9.6
 postgresql-server-dev-9.6 - development files for PostgreSQL 9.6 server-side programming
Changes:
 postgresql-9.6 (9.6.10-0+deb9u1) stretch-security; urgency=medium
 .
   * New upstream version.
     + Fix failure to reset libpq's state fully between connection attempts
 .
       An unprivileged user of dblink or postgres_fdw could bypass the checks
       intended to prevent use of server-side credentials, such as a ~/.pgpass
       file owned by the operating-system user running the server.  Servers
       allowing peer authentication on local connections are particularly
       vulnerable.  Other attacks such as SQL injection into a postgres_fdw
       session are also possible. Attacking postgres_fdw in this way requires
       the ability to create a foreign server object with selected connection
       parameters, but any user with access to dblink could exploit the
       problem. In general, an attacker with the ability to select the
       connection parameters for a libpq-using application could cause
       mischief, though other plausible attack scenarios are harder to think
       of. Our thanks to Andrew Krasichkov for reporting this issue.
       (CVE-2018-10915)
 .
     + Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT *
       FROM ...
 .
       Erroneous expansion of an updatable view could lead to crashes or
       "attribute ... has the wrong type" errors, if the view's SELECT list
       doesn't match one-to-one with the underlying table's columns.
       Furthermore, this bug could be leveraged to allow updates of columns
       that an attacking user lacks UPDATE privilege for, if that user has
       INSERT and UPDATE privileges for some other column(s) of the table. Any
       user could also use it for disclosure of server memory. (CVE-2018-10925)
 .
   * Add new pgtypes header and symbol.
   * Refresh debian/patches/filter-debug-prefix-map.
   * Update branch in Vcs-Git field.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
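
Added example (not part of the upload notice, and not Debian or PostgreSQL project code): a read-only catalog audit showing which non-superuser roles in a database can reach the dblink and postgres_fdw paths named in the CVE-2018-10915 entry above. It assumes a superuser session on a 9.6 server and must be run once per database.

```sql
-- 1. Is this a 9.6 server older than the fixed 9.6.10 release?
SELECT current_setting('server_version') AS server_version,
       current_setting('server_version_num')::int BETWEEN 90600 AND 90609
         AS predates_9_6_10;

-- 2. Which of the two affected extensions exist in this database?
SELECT extname, extversion
FROM pg_extension
WHERE extname IN ('dblink', 'postgres_fdw');

-- 3. Non-superuser roles allowed to call dblink functions that accept a
--    connection string. has_function_privilege() also reflects grants made
--    to PUBLIC and privileges inherited through role membership.
SELECT r.rolname, p.oid::regprocedure AS func
FROM pg_proc p
JOIN pg_depend d
  ON d.classid = 'pg_proc'::regclass AND d.objid = p.oid
 AND d.refclassid = 'pg_extension'::regclass AND d.deptype = 'e'
JOIN pg_extension e ON e.oid = d.refobjid AND e.extname = 'dblink'
CROSS JOIN pg_roles r
WHERE p.proname IN ('dblink', 'dblink_exec',
                    'dblink_connect', 'dblink_connect_u')
  AND NOT r.rolsuper
  AND r.rolname !~ '^pg_'
  AND has_function_privilege(r.oid, p.oid, 'EXECUTE')
ORDER BY r.rolname, func;

-- 4. Non-superuser roles that can create postgres_fdw foreign servers,
--    i.e. choose the connection parameters (USAGE on the wrapper).
SELECT r.rolname
FROM pg_foreign_data_wrapper w
CROSS JOIN pg_roles r
WHERE w.fdwname = 'postgres_fdw'
  AND NOT r.rolsuper
  AND r.rolname !~ '^pg_'
  AND has_foreign_data_wrapper_privilege(r.oid, w.oid, 'USAGE')
ORDER BY r.rolname;

-- 5. Existing postgres_fdw servers, their owners and connection options.
SELECT s.srvname, pg_get_userbyid(s.srvowner) AS owner, s.srvoptions
FROM pg_foreign_server s
JOIN pg_foreign_data_wrapper w ON w.oid = s.srvfdw
WHERE w.fdwname = 'postgres_fdw'
ORDER BY s.srvname;
```

Rows returned by queries 3 and 4 on a server where query 1 reports true identify the roles to review until the 9.6.10-0+deb9u1 packages are installed and the server restarted.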