[ubuntu/lucid] postgresql-8.3 8.3.9-1 (Accepted)

Martin Pitt martin.pitt at ubuntu.com
Mon Dec 14 23:40:14 GMT 2009


postgresql-8.3 (8.3.9-1) unstable; urgency=medium

  Urgency medium due to security fixes.

  * New upstream security/bug fix release:
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV
      logfile.
    - Fix incorrect logic for GiST index page splits, when the split
      depends on a non-first column of the index.
    - Don't error out if recycling or removing an old WAL file fails at
      the end of checkpoint. It's better to treat the problem as non-fatal and
      allow the checkpoint to complete. Future checkpoints will retry the
      removal.  Such problems are not expected in normal operation, but have
      been seen to be caused by misdesigned Windows anti-virus and backup
      software.
    - Fix PAM password processing to be more robust.
    - Raise the maximum authentication token (Kerberos ticket) size in
      GSSAPI and SSPI authentication methods. While the old 2000-byte limit
      was more than enough for Unix Kerberos implementations, tickets issued
      by Windows Domain Controllers can be much larger.
    - Re-enable collection of access statistics for sequences. This used to
      work but was broken in 8.3.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Fix incorrect handling of WHERE "x"="x" conditions.
      In some cases these could get ignored as redundant, but they aren't
      -- they're equivalent to "x" IS NOT NULL.
    - Make text search parser accept underscores in XML attributes.
    - Fix encoding handling in xml binary input. If the XML header doesn't
      specify an encoding, we now assume UTF-8 by default; the previous
      handling was inconsistent.
    - Fix bug with calling plperl from plperlu or vice versa.
    - Fix session-lifespan memory leak when a PL/Perl function is
      redefined.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
    - Fix rare crash in exception processing in PL/Python.
    - Make the postmaster ignore any application_name parameter in
      connection request packets, to improve compatibility with future
      libpq versions.
  * debian/control: libreadline5-dev → libreadline-dev. (Closes: #553828)

Date: Mon, 14 Dec 2009 23:00:56 +0100
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Martin Pitt <mpitt at debian.org>
Origin: debian/unstable
https://launchpad.net/ubuntu/lucid/+source/postgresql-8.3/8.3.9-1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Origin: debian/unstable
Format: 1.8
Date: Mon, 14 Dec 2009 23:00:56 +0100
Source: postgresql-8.3
Binary: postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3
Architecture: source
Version: 8.3.9-1
Distribution: lucid
Urgency: medium
Maintainer: Martin Pitt <mpitt at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 postgresql-8.3 - object-relational SQL database, version 8.3 server
 postgresql-client-8.3 - front-end programs for PostgreSQL 8.3
 postgresql-contrib-8.3 - additional facilities for PostgreSQL
 postgresql-doc-8.3 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3
 postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3
 postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3
 postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming
Closes: 553828
Checksums-Sha1: 
 4c23b1560221849837581df2a6af82e67e9d0c6a 1518 postgresql-8.3_8.3.9-1.dsc
 9c0536556707e22b10668c52b0689a0803a9e07e 13850244 postgresql-8.3_8.3.9.orig.tar.gz
 614aee1475a3f204a651f11fb1f6c786965eb8ad 44168 postgresql-8.3_8.3.9-1.diff.gz
Checksums-Sha256: 
 946264bda2c2c7d40c0f3a8a887609746b9b5bab8d60baedd90e85716c8129a0 1518 postgresql-8.3_8.3.9-1.dsc
 e57ca26b47967cbee363275cb5509e7223256441152d1101a320c03e30839544 13850244 postgresql-8.3_8.3.9.orig.tar.gz
 bd82d75b88cbf0020b0e98accc1ebb9d4edab13cecf1dc513e2b989424db8e31 44168 postgresql-8.3_8.3.9-1.diff.gz
Files: 
 981caca681fb9eea89cd77da7f9f6f01 1518 database optional postgresql-8.3_8.3.9-1.dsc
 05088ab3b924a326914572eb77db541b 13850244 database optional postgresql-8.3_8.3.9.orig.tar.gz
 a2a371bc61e4cebff40dba1d017cb85e 44168 database optional postgresql-8.3_8.3.9-1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksmypcACgkQDecnbV4Fd/KhbQCdFJMms/eJk1qYqgacRc6Q8nRd
k3UAoMkVKJbl1AX/CtvuTAuNo7YHhvct
=MUMW
-----END PGP SIGNATURE-----
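
The embedded-null common name fix listed in the changelog above (CVE-2009-4034), shown as an added example; this is not code from PostgreSQL or from this upload. It contrasts a C-string comparison, which stops at the first NUL byte, with a check that uses the length recorded in the certificate and refuses any CN containing a NUL. The function names, return codes and sample CN values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample CN values (not taken from any real certificate).
 * The first carries a NUL byte in the middle of the field. */
static const unsigned char CN_EMBEDDED[] = "db.example.org\0.other.example";
static const unsigned char CN_CLEAN[]    = "db.example.org";
#define CN_EMBEDDED_LEN (sizeof CN_EMBEDDED - 1)
#define CN_CLEAN_LEN    (sizeof CN_CLEAN - 1)

/* Naive check: treats the CN as a C string, so the comparison stops at the
 * first NUL byte and everything after it is silently ignored. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *expected)
{
    (void)cn_len;                  /* length from the certificate is ignored */
    return strcasecmp((const char *)cn, expected) == 0;
}

/* Hardened check: rejects a CN with an embedded NUL before comparing, then
 * compares exactly cn_len bytes.
 * Returns 1 on match, 0 on mismatch, -1 if the CN is rejected outright. */
int cn_matches_strict(const unsigned char *cn, size_t cn_len, const char *expected)
{
    if (cn_len == 0 || memchr(cn, '\0', cn_len) != NULL)
        return -1;                 /* embedded NUL: refuse the certificate */
    if (cn_len != strlen(expected))
        return 0;
    return strncasecmp((const char *)cn, expected, cn_len) == 0;
}

int main(void)
{
    const char *host = "db.example.org";   /* name the peer is expected to have */

    printf("embedded NUL, naive : %d\n",
           cn_matches_naive(CN_EMBEDDED, CN_EMBEDDED_LEN, host));
    printf("embedded NUL, strict: %d\n",
           cn_matches_strict(CN_EMBEDDED, CN_EMBEDDED_LEN, host));
    printf("clean CN, strict    : %d\n",
           cn_matches_strict(CN_CLEAN, CN_CLEAN_LEN, host));
    return 0;
}
```
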

