[ubuntu/precise-proposed] postgresql-8.4 8.4.22-0ubuntu0.12.04 (Accepted)

Martin Pitt martin.pitt at ubuntu.com
Wed Jul 30 09:27:42 UTC 2014 

postgresql-8.4 (8.4.22-0ubuntu0.12.04) precise-proposed; urgency=medium

  * New upstream bug fix release: (LP: #1348176)
    - Various data integrity and other bug fixes.
    - Secure Unix-domain sockets of temporary postmasters started during make
       check.
       Any local user able to access the socket file could connect as the
       server's bootstrap superuser, then proceed to execute arbitrary code as
       the operating-system user running the test, as we previously noted in
       CVE-2014-0067. This change defends against that risk by placing the
       server's socket in a temporary, mode 0700 subdirectory of /tmp.
    - See release notes for details:
      http://www.postgresql.org/docs/current/static/release-8-4-22.html
  * Drop pg_regress patch to run tests with socket in /tmp, obsolete with
    above upstream changes and not applicable any more.

Date: Tue, 29 Jul 2014 14:47:30 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/postgresql-8.4/8.4.22-0ubuntu0.12.04
-------------- next part --------------
Format: 1.8
Date: Tue, 29 Jul 2014 14:47:30 +0200
Source: postgresql-8.4
Binary: postgresql-8.4 postgresql-client-8.4 postgresql-server-dev-8.4 postgresql-doc-8.4 postgresql-contrib-8.4 postgresql-plperl-8.4 postgresql-plpython-8.4 postgresql-pltcl-8.4
Architecture: source
Version: 8.4.22-0ubuntu0.12.04
Distribution: precise-proposed
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
 postgresql-8.4 - object-relational SQL database, version 8.4 server
 postgresql-client-8.4 - front-end programs for PostgreSQL 8.4
 postgresql-contrib-8.4 - additional facilities for PostgreSQL
 postgresql-doc-8.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.4 - PL/Perl procedural language for PostgreSQL 8.4
 postgresql-plpython-8.4 - PL/Python procedural language for PostgreSQL 8.4
 postgresql-pltcl-8.4 - PL/Tcl procedural language for PostgreSQL 8.4
 postgresql-server-dev-8.4 - development files for PostgreSQL 8.4 server-side programming
Launchpad-Bugs-Fixed: 1348176
Changes:
 postgresql-8.4 (8.4.22-0ubuntu0.12.04) precise-proposed; urgency=medium
 .
   * New upstream bug fix release: (LP: #1348176)
     - Various data integrity and other bug fixes.
     - Secure Unix-domain sockets of temporary postmasters started during make
        check.
        Any local user able to access the socket file could connect as the
        server's bootstrap superuser, then proceed to execute arbitrary code as
        the operating-system user running the test, as we previously noted in
        CVE-2014-0067. This change defends against that risk by placing the
        server's socket in a temporary, mode 0700 subdirectory of /tmp.
     - See release notes for details:
       http://www.postgresql.org/docs/current/static/release-8-4-22.html
   * Drop pg_regress patch to run tests with socket in /tmp, obsolete with
     above upstream changes and not applicable any more.
Checksums-Sha1:
 54aaf1485d02e663536cb943413051a6c2e0a634 2859 postgresql-8.4_8.4.22-0ubuntu0.12.04.dsc
 5e0aefc6d056a914bf4acc18e3a518d00d27a240 18332542 postgresql-8.4_8.4.22.orig.tar.gz
 aa38d91b3bc9bd509bf6348a54704e0a3f482f10 51514 postgresql-8.4_8.4.22-0ubuntu0.12.04.diff.gz
Checksums-Sha256:
 e1cdd6d3883135a280bcfc9554c79544a10964f27f051c6e327609562d3de58c 2859 postgresql-8.4_8.4.22-0ubuntu0.12.04.dsc
 dda6dee53751ef6803f8a38e11d9621b8b02a9b0d7cbb2f4cff27d25d92b0a05 18332542 postgresql-8.4_8.4.22.orig.tar.gz
 07a7fa47919b28a7f4f75d47f22b03e43f4b7ce80e9d2a39f0eac31bff876dbb 51514 postgresql-8.4_8.4.22-0ubuntu0.12.04.diff.gz
Files:
 ca890485c2e518381d2b6109709afcd3 2859 database optional postgresql-8.4_8.4.22-0ubuntu0.12.04.dsc
 26960b858a1b76e88a1c3a9dd495fe80 18332542 database optional postgresql-8.4_8.4.22.orig.tar.gz
 9c299a05239609b87df8eb9b0dce239d 51514 database optional postgresql-8.4_8.4.22-0ubuntu0.12.04.diff.gz
Original-Maintainer: Martin Pitt <mpitt at debian.org>

More information about the Precise-changes mailing list