[ubuntu/hardy-security] postgresql-8.3 8.3.23-0ubuntu8.04 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Feb 12 13:06:32 UTC 2013

postgresql-8.3 (8.3.23-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server.  In principle an attacker might be able to use it to examine the
      contents of server memory.  Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for details about other changes.
  * 03-gettext-domains.patch: Unfuzz for new version.

postgresql-8.3 (8.3.22-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #1088393)
    - Fix multiple bugs associated with "CREATE INDEX CONCURRENTLY".
      Fix "CREATE INDEX CONCURRENTLY" to use in-place updates when
      changing the state of an index's pg_index row. This prevents race
      conditions that could cause concurrent sessions to miss updating
      the target index, thus resulting in corrupt concurrently-created
      Also, fix various other operations to ensure that they ignore
      invalid indexes resulting from a failed "CREATE INDEX CONCURRENTLY"
      command. The most important of these is "VACUUM", because an
      auto-vacuum could easily be launched on the table before corrective
      action can be taken to fix or remove the invalid index.
    - See HISTORY/changelog.gz for details about the other bug fixes.

postgresql-8.3 (8.3.21-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #1055944)
    - Improve page-splitting decisions in GiST indexes.
      Multi-column GiST indexes might suffer unexpected bloat due to this
    - Fix cascading privilege revoke to stop if privileges are still held.
      If we revoke a grant option from some role "X", but "X" still holds
      that option via a grant from someone else, we should not
      recursively revoke the corresponding privilege from role(s) "Y"
      that "X" had granted it to.
    - Fix handling of SIGFPE when PL/Perl is in use.
      Perl resets the process's SIGFPE handler to SIG_IGN, which could
      result in crashes later on. Restore the normal Postgres signal
      handler after initializing PL/Perl.
    - Prevent PL/Perl from crashing if a recursive PL/Perl function is
      redefined while being executed.
    - Work around possible misoptimization in PL/Perl.
      Some Linux distributions contain an incorrect version of
      "pthread.h" that results in incorrect compiled code in PL/Perl,
      leading to crashes if a PL/Perl function calls another one that
      throws an error.

Date: 2013-02-07 16:20:12.132584+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Hardy-changes mailing list