Your message dated Tue, 10 May 2005 22:52:38 -0700 with message-id <[EMAIL PROTECTED]> and subject line PostgreSQL Character Conversion and tsearch2 Module Vulnerabilities has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------

From: "Adam M."
<[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: PostgreSQL Character Conversion and tsearch2 Module Vulnerabilities
Date: Wed, 04 May 2005 09:42:17 -0500

Package: postgresql
Severity: grave
Tags: security sarge

From: http://secunia.com/advisories/15217/

Workarounds (aka, fixes :)
http://www.postgresql.org/about/news.315

DESCRIPTION:
Two vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially gain escalated privileges.

1) Missing validation of arguments supplied to the functions supporting client-to-server character set conversion can be exploited by unprivileged users when calling the functions from SQL commands.

The vulnerability affects versions 7.3.* through 8.0.*.

2) The contrib/tsearch2 module misdeclares the return type of several functions, which breaks the type safety of "internal". The impact has reportedly not been investigated, but can at least crash the backend.

The vulnerability affects versions 7.4 and later with the contrib/tsearch2 module installed.
-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-k7
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)

Versions of packages postgresql depends on:
ii  adduser           3.63                     Add and remove users and groups
ii  debconf [debconf  1.4.48                   Debian configuration management sy
ii  debianutils       2.13.2                   Miscellaneous utilities specific t
ii  dpkg              1.10.27                  Package maintenance system for Deb
ii  libc6             2.3.2.ds1-21             GNU C Library: Shared libraries an
ii  libcomerr2        1.37-2                   common error description library
ii  libkrb53          1.3.6-3                  MIT Kerberos runtime libraries
ii  libpam0g          0.76-22                  Pluggable Authentication Modules l
ii  libperl5.8        5.8.4-8                  Shared Perl library
ii  libpq3            7.4.7-5                  PostgreSQL C client library
ii  libreadline4      4.3-15                   GNU readline and history libraries
ii  libssl0.9.7       0.9.7e-3                 SSL shared libraries
ii  mailx             1:8.1.2-0.20040524cvs-4  A simple mail user agent
ii  postgresql-clien  7.4.7-5                  front-end programs for PostgreSQL
ii  procps            1:3.2.5-1                /proc file system utilities
ii  python2.3         2.3.5-2                  An interactive high-level object-o
ii  ucf               1.18                     Update Configuration File: preserv
ii  zlib1g            1:1.2.2-4                compression library - runtime

---------------------------------------

Date: Tue, 10 May 2005 22:52:38 -0700
From: Steve Langasek <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: PostgreSQL Character Conversion and tsearch2 Module Vulnerabilities

postgresql 7.4.7-6 is now in sarge, so I believe this bug is fixed.

Thanks,
-- 
Steve Langasek
postmodern programmer