postgresql-9.1 (9.1.9-1ubuntu1) raring; urgency=low

  * Merge with Debian unstable. (LP: #1163184) Remaining Ubuntu changes:
    - debian/rules: Configure for the Tcl/Tk 8.5 multiarch installation.

postgresql-9.1 (9.1.9-1) unstable; urgency=high

  * Urgency high because of critical remote data destruction vulnerability.
  * New upstream security/bug fix release:
    - Fix insecure parsing of server command-line switches.
      A connection request containing a database name that begins with
      "-" could be crafted to damage or destroy files within the server's
      data directory, even if the request is eventually rejected.
      [CVE-2013-1899] (Closes: #704479)
    - Reset OpenSSL randomness state in each postmaster child process.
      This avoids a scenario wherein random numbers generated by
      "contrib/pgcrypto" functions might be relatively easy for another
      database user to guess. The risk is only significant when the
      postmaster is configured with ssl = on but most connections don't
      use SSL encryption. [CVE-2013-1900]
    - Make REPLICATION privilege checks test current user not
      authenticated user.
      An unprivileged database user could exploit this mistake to call
      pg_start_backup() or pg_stop_backup(), thus possibly interfering
      with creation of routine backups. [CVE-2013-1901]
    - Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
      not appropriate to do so.
      The core geometric types perform comparisons using "fuzzy"
      equality, but gist_box_same must do exact comparisons, else GiST
      indexes using it might become inconsistent. After installing this
      update, users should "REINDEX" any GiST indexes on box, polygon,
      circle, or point columns, since all of these use gist_box_same.
    - Fix erroneous range-union and penalty logic in GiST indexes that
      use "contrib/btree_gist" for variable-width data types, that is
      text, bytea, bit, and numeric columns.
      These errors could result in inconsistent indexes in which some
      keys that are present would not be found by searches, and also in
      useless index bloat. Users are advised to "REINDEX" such indexes
      after installing this update.
    - Fix bugs in GiST page splitting code for multi-column indexes.
      These errors could result in inconsistent indexes in which some
      keys that are present would not be found by searches, and also in
      indexes that are unnecessarily inefficient to search. Users are
      advised to "REINDEX" multi-column GiST indexes after installing
      this update.
    - See HISTORY/changelog.gz for details about the other bug fixes.
  * Bump Standards-Version to 3.9.4 (no changes necessary).

Date: Thu, 04 Apr 2013 16:01:02 +0200
Changed-By: Martin Pitt
Maintainer: Debian PostgreSQL Maintainers
https://launchpad.net/ubuntu/raring/+source/postgresql-9.1/9.1.9-1ubuntu1
Format: 1.8
Source: postgresql-9.1
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3
 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1
 postgresql-server-dev-9.1 postgresql-doc-9.1 postgresql-contrib-9.1
 postgresql-plperl-9.1 postgresql-plpython-9.1 postgresql-plpython3-9.1
 postgresql-pltcl-9.1
Architecture: source
Version: 9.1.9-1ubuntu1
Distribution: raring
Urgency: high
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.1
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-9.1 - object-relational SQL database, version 9.1 server
 postgresql-9.1-dbg - debug symbols for postgresql-9.1
 postgresql-client-9.1 - front-end programs for PostgreSQL 9.1
 postgresql-contrib-9.1 - additional facilities for PostgreSQL
 postgresql-doc-9.1 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
 postgresql-plpython-9.1 - PL/Python procedural language for PostgreSQL 9.1
 postgresql-plpython3-9.1 - PL/Python 3 procedural language for PostgreSQL 9.1
 postgresql-pltcl-9.1 - PL/Tcl procedural language for PostgreSQL 9.1
 postgresql-server-dev-9.1 - development files for PostgreSQL 9.1 server-side programming
Closes: 704479
Launchpad-Bugs-Fixed: 1163184