[ubuntu/natty] postgresql-8.4 8.4.7-1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Feb 3 18:29:33 UTC 2011 

postgresql-8.4 (8.4.7-1) unstable; urgency=low

  * New upstream security/bug fix release:
    - Fix buffer overrun in "contrib/intarray"'s input function for the
      query_int type.
      This bug is a security risk since the function's return address
      could be overwritten. Thanks to Apple Inc's security team for
      reporting this issue and supplying the fix. (CVE-2010-4015)
    - Avoid failures when "EXPLAIN" tries to display a simple-form CASE
      expression.
      If the CASE's test expression was a constant, the planner could
      simplify the CASE into a form that confused the expression-display
      code, resulting in "unexpected CASE WHEN clause" errors.
    - Fix assignment to an array slice that is before the existing range
      of subscripts.
      If there was a gap between the newly added subscripts and the first
      pre-existing subscript, the code miscalculated how many entries
      needed to be copied from the old array's null bitmap, potentially
      leading to data corruption or crash.
    - Avoid unexpected conversion overflow in planner for very distant
      date values.
      The date type supports a wider range of dates than can be
      represented by the timestamp types, but the planner assumed it
      could always convert a date to timestamp with impunity.
    - Fix pg_restore's text output for large objects (BLOBs) when
      standard_conforming_strings is on.
      Although restoring directly to a database worked correctly, string
      escaping was incorrect if pg_restore was asked for SQL text output
      and standard_conforming_strings had been enabled in the source
      database.
    - Fix erroneous parsing of tsquery values containing ... &
      !(subexpression) | ... .
      Queries containing this combination of operators were not executed
      correctly. The same error existed in "contrib/intarray"'s query_int
      type and "contrib/ltree"'s ltxtquery type.
    - Fix bug in "contrib/seg"'s GiST picksplit algorithm.
      This could result in considerable inefficiency, though not actually
      incorrect answers, in a GiST index on a seg column. If you have
      such an index, consider "REINDEX"ing it after installing this
      update. (This is identical to the bug that was fixed in
      "contrib/cube" in the previous update.)

Date: Thu,  03 Feb 2011 18:29:02 +0000
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Martin Pitt <mpitt at debian.org>
Origin: Debian/unstable
https://launchpad.net/ubuntu/natty/+source/postgresql-8.4/8.4.7-1
-------------- next part --------------
Origin: Debian/unstable
Format: 1.7
Date: Thu,  03 Feb 2011 18:29:02 +0000
Source: postgresql-8.4
Binary: libpq-dev, libpq5, libecpg6, libecpg-dev, libecpg-compat3, libpgtypes3, postgresql-8.4, postgresql-client-8.4, postgresql-server-dev-8.4, postgresql-doc-8.4, postgresql-contrib-8.4, postgresql-plperl-8.4, postgresql-plpython-8.4, postgresql-pltcl-8.4, postgresql, postgresql-client, postgresql-doc, postgresql-contrib
Architecture: source
Version: 8.4.7-1
Distribution: natty
Urgency: low
Maintainer: Martin Pitt <mpitt at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
 postgresql-8.4 - object-relational SQL database, version 8.4 server
Files:
 d2d0f04e84f4f1cbb929bc96a979daef 41686 database optional postgresql-8.4_8.4.7-1.diff.gz
 4771d4ae4fd9e7e9b92c22253517508d 17640221 database optional postgresql-8.4_8.4.7.orig.tar.gz
 ca80c8936bbf672a1b510abee8c34ce7 2467 database optional postgresql-8.4_8.4.7-1.dsc
Changes:
 postgresql-8.4 (8.4.7-1) unstable; urgency=low
 .
   * New upstream security/bug fix release:
     - Fix buffer overrun in "contrib/intarray"'s input function for the
       query_int type.
       This bug is a security risk since the function's return address
       could be overwritten. Thanks to Apple Inc's security team for
       reporting this issue and supplying the fix. (CVE-2010-4015)
     - Avoid failures when "EXPLAIN" tries to display a simple-form CASE
       expression.
       If the CASE's test expression was a constant, the planner could
       simplify the CASE into a form that confused the expression-display
       code, resulting in "unexpected CASE WHEN clause" errors.
     - Fix assignment to an array slice that is before the existing range
       of subscripts.
       If there was a gap between the newly added subscripts and the first
       pre-existing subscript, the code miscalculated how many entries
       needed to be copied from the old array's null bitmap, potentially
       leading to data corruption or crash.
     - Avoid unexpected conversion overflow in planner for very distant
       date values.
       The date type supports a wider range of dates than can be
       represented by the timestamp types, but the planner assumed it
       could always convert a date to timestamp with impunity.
     - Fix pg_restore's text output for large objects (BLOBs) when
       standard_conforming_strings is on.
       Although restoring directly to a database worked correctly, string
       escaping was incorrect if pg_restore was asked for SQL text output
       and standard_conforming_strings had been enabled in the source
       database.
     - Fix erroneous parsing of tsquery values containing ... &
       !(subexpression) | ... .
       Queries containing this combination of operators were not executed
       correctly. The same error existed in "contrib/intarray"'s query_int
       type and "contrib/ltree"'s ltxtquery type.
     - Fix bug in "contrib/seg"'s GiST picksplit algorithm.
       This could result in considerable inefficiency, though not actually
       incorrect answers, in a GiST index on a seg column. If you have
       such an index, consider "REINDEX"ing it after installing this
       update. (This is identical to the bug that was fixed in
       "contrib/cube" in the previous update.)

More information about the Natty-changes mailing list