[ubuntu/lucid-security] postgresql-8.4 8.4.22-0ubuntu0.10.04.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Feb 11 17:43:38 UTC 2015 

postgresql-8.4 (8.4.22-0ubuntu0.10.04.1) lucid-security; urgency=medium

  * Add 15-to_char_buffer_overflow.patch and 16-to_char_buffer_overflow_time.patch:
    Fix buffer overruns in to_char() [CVE-2015-0241]
  * Add 17-pgcrypto_pullf_read_max_overflow.patch and 18-pgcrypto_imath_fixes.patch:
    Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
  * Add 19-ensure_frontend_backend_sync.patch:
    Fix possible loss of frontend/backend protocol synchronization after an
    error [CVE-2015-0244]
  * Add 20-column_privilege_leak.patch:
    Fix information leak via constraint-violation error messages
    [CVE-2014-8161]
  * Note: CVE-2015-0242 does not affect Ubuntu packages as we use glibc's
    snprintf().

postgresql-8.4 (8.4.22-0ubuntu0.10.04) lucid-proposed; urgency=medium

  * New upstream bug fix release: (LP: #1348176)
    - Various data integrity and other bug fixes.
    - Secure Unix-domain sockets of temporary postmasters started during make
       check.
       Any local user able to access the socket file could connect as the
       server's bootstrap superuser, then proceed to execute arbitrary code as
       the operating-system user running the test, as we previously noted in
       CVE-2014-0067. This change defends against that risk by placing the
       server's socket in a temporary, mode 0700 subdirectory of /tmp.
    - See release notes for details:
      http://www.postgresql.org/docs/current/static/release-8-4-22.html
  * Drop pg_regress patch to run tests with socket in /tmp, obsolete with
    above upstream changes and not applicable any more.
  * Add debian/postgresql-8.4.NEWS to point out that upstream support ends
    now.

postgresql-8.4 (8.4.21-0ubuntu0.10.04) lucid-proposed; urgency=medium

  * New upstream bug fix release. No security issues or major data loss fixes
    this time, see release.html for details. (LP: #1294006)

Date: 2015-02-11 15:31:21.724549+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.22-0ubuntu0.10.04.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Lucid-changes mailing list