This is an automated email from the git hooks/post-receive script.

markus_wanner-guest pushed a commit to branch master
in repository postgis.

commit e4e85d4d7ca70e7220bbb2bd54e90ff1440a7a94
Author: Markus Wanner <>
Date:   Wed May 21 12:01:47 2014 +0200

    NEWS.Debian: be more verbose, use more of the official announcement.
 debian/NEWS.Debian | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/debian/NEWS.Debian b/debian/NEWS.Debian
index 9a1c30f..935bc95 100644
--- a/debian/NEWS.Debian
+++ b/debian/NEWS.Debian
@@ -1,9 +1,31 @@
 postgis (2.1.3+dfsg-1) unstable; urgency=high
-  PostGIS 2.1.3 fixes a security issue and now defaults to disable all GDAL
-  drivers and out-db rasters. Please check which ones you need and
-  consider enabling them via the newly introduced environment variables
+  It has come to our attention that the PostGIS Raster support
+  may give more privileges to users than an administrator is
+  willing to grant.
+  These include reading files from the filesystem and opening
+  connections to network hosts.
+  Both issues can be limited in existing installations by setting
+  the GDAL_SKIP variable (in the PostgreSQL server environment)
+  to the list of all gdal drivers, but some drivers would still be
+  forceably loaded by some operations.
+  This release strengthens the code to load no drivers by default
+  and allows for a fine-grained tuning of what's allowed and what
+  not through postgis-specific environment variables:
+    Specifies a list of GDAL drivers to _enable_ (rather than _skip_)
+    By default all drivers are disabled.
+    Example value: "GTiff PNG JPEG"
+    Enables read support for out-db raster bands if set to 1.
+    By default out-db raster bands reading is disabled.
+  On Debian, you can easily set these via the following file:
  -- Markus Wanner <>  Wed, 21 May 2014 10:49:10 +0200

Alioth's /usr/local/bin/git-commit-notice on 

Pkg-grass-devel mailing list

Reply via email to