[ubuntu/lucid-security] postgresql-8.4 8.4.22-0ubuntu0.10.04.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Feb 11 17:43:38 UTC 2015

postgresql-8.4 (8.4.22-0ubuntu0.10.04.1) lucid-security; urgency=medium

  * Add 15-to_char_buffer_overflow.patch and 16-to_char_buffer_overflow_time.patch:
    Fix buffer overruns in to_char() [CVE-2015-0241]
  * Add 17-pgcrypto_pullf_read_max_overflow.patch and 18-pgcrypto_imath_fixes.patch:
    Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
  * Add 19-ensure_frontend_backend_sync.patch:
    Fix possible loss of frontend/backend protocol synchronization after an
    error [CVE-2015-0244]
  * Add 20-column_privilege_leak.patch:
    Fix information leak via constraint-violation error messages
    [CVE-2014-8161]
  * Note: CVE-2015-0242 does not affect Ubuntu packages as we use glibc's
    snprintf().

postgresql-8.4 (8.4.22-0ubuntu0.10.04) lucid-proposed; urgency=medium

  * New upstream bug fix release: (LP: #1348176)
    - Various data integrity and other bug fixes.
    - Secure Unix-domain sockets of temporary postmasters started during make
      check.
      Any local user able to access the socket file could connect as the
      server's bootstrap superuser, then proceed to execute arbitrary code as
      the operating-system user running the test, as we previously noted in
      CVE-2014-0067. This change defends against that risk by placing the
      server's socket in a temporary, mode 0700 subdirectory of /tmp.
    - See release notes for details:
      http://www.postgresql.org/docs/current/static/release-8-4-22.html
  * Drop pg_regress patch to run tests with socket in /tmp, obsolete with
    above upstream changes and not applicable any more.
  * Add debian/postgresql-8.4.NEWS to point out that upstream support ends
    now.

postgresql-8.4 (8.4.21-0ubuntu0.10.04) lucid-proposed; urgency=medium

  * New upstream bug fix release. No security issues or major data loss fixes
    this time, see release.html for details. (LP: #1294006)

Date: 2015-02-11 15:31:21.724549+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.22-0ubuntu0.10.04.1