Hi security team,

I've just uploaded postgresql-9.1 9.1.15-0+deb7u1 to security-master.
The changelog is:

postgresql-9.1 (9.1.15-0+deb7u1) wheezy-security; urgency=medium

  * New upstream release.
    + Fix buffer overruns in to_char() (CVE-2015-0241)
    + Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243)
    + Fix possible loss of frontend/backend protocol synchronization after an
      error (CVE-2015-0244)
    + Fix information leak via constraint-violation error messages
      (CVE-2014-8161)

 -- Christoph Berg <[email protected]>  Thu, 05 Feb 2015 15:42:54 +0100

A longer explanation of the CVEs is at:
http://www.postgresql.org/docs/9.1/static/release-9-1-15.html
Note that the CVEs I didn't mention in the Debian changelog are not
applicable to us (we aren't running on Windows).
Please issue a DSA for this. If I can be of any help, ping me on IRC
or by mail.
Christoph
--
[email protected] | http://www.df7cb.de/
_______________________________________________
Pkg-postgresql-public mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
