[ubuntu/precise-proposed] postgresql-9.1 9.1.14-0ubuntu0.12.04 (Accepted)

Martin Pitt martin.pitt at ubuntu.com
Wed Jul 30 09:30:05 UTC 2014 

postgresql-9.1 (9.1.14-0ubuntu0.12.04) precise-proposed; urgency=medium

  * New upstream bug fix release: (LP: #1348176)
    - Various data integrity and other bug fixes.
    - Secure Unix-domain sockets of temporary postmasters started during make
       check.
       Any local user able to access the socket file could connect as the
       server's bootstrap superuser, then proceed to execute arbitrary code as
       the operating-system user running the test, as we previously noted in
       CVE-2014-0067. This change defends against that risk by placing the
       server's socket in a temporary, mode 0700 subdirectory of /tmp.
    - See release notes for details:
      http://www.postgresql.org/docs/current/static/release-9-1-14.html
  * Drop pg_regress patches to run tests with socket in /tmp, obsolete with
    above upstream changes and not applicable any more.

Date: Thu, 24 Jul 2014 18:09:12 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/postgresql-9.1/9.1.14-0ubuntu0.12.04
-------------- next part --------------
Format: 1.8
Date: Thu, 24 Jul 2014 18:09:12 +0200
Source: postgresql-9.1
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1 postgresql-server-dev-9.1 postgresql-doc-9.1 postgresql-contrib-9.1 postgresql-plperl-9.1 postgresql-plpython-9.1 postgresql-plpython3-9.1 postgresql-pltcl-9.1
Architecture: source
Version: 9.1.14-0ubuntu0.12.04
Distribution: precise-proposed
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.1
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.1 - object-relational SQL database, version 9.1 server
 postgresql-9.1-dbg - debug symbols for postgresql-9.1
 postgresql-client-9.1 - front-end programs for PostgreSQL 9.1
 postgresql-contrib-9.1 - additional facilities for PostgreSQL
 postgresql-doc-9.1 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
 postgresql-plpython-9.1 - PL/Python procedural language for PostgreSQL 9.1
 postgresql-plpython3-9.1 - PL/Python 3 procedural language for PostgreSQL 9.1
 postgresql-pltcl-9.1 - PL/Tcl procedural language for PostgreSQL 9.1
 postgresql-server-dev-9.1 - development files for PostgreSQL 9.1 server-side programming
Launchpad-Bugs-Fixed: 1348176
Changes:
 postgresql-9.1 (9.1.14-0ubuntu0.12.04) precise-proposed; urgency=medium
 .
   * New upstream bug fix release: (LP: #1348176)
     - Various data integrity and other bug fixes.
     - Secure Unix-domain sockets of temporary postmasters started during make
        check.
        Any local user able to access the socket file could connect as the
        server's bootstrap superuser, then proceed to execute arbitrary code as
        the operating-system user running the test, as we previously noted in
        CVE-2014-0067. This change defends against that risk by placing the
        server's socket in a temporary, mode 0700 subdirectory of /tmp.
     - See release notes for details:
       http://www.postgresql.org/docs/current/static/release-9-1-14.html
   * Drop pg_regress patches to run tests with socket in /tmp, obsolete with
     above upstream changes and not applicable any more.
Checksums-Sha1:
 979385b60b547eb286c9c40b5d031f9364a6a83d 3417 postgresql-9.1_9.1.14-0ubuntu0.12.04.dsc
 88c4b33d49e834eddae9fbae3028f453b73ae2a6 15666442 postgresql-9.1_9.1.14.orig.tar.bz2
 90ae66de8fe4dc341f844bb004eb889320a5dd63 35208 postgresql-9.1_9.1.14-0ubuntu0.12.04.debian.tar.xz
Checksums-Sha256:
 217a274d5ae85d06c52bd7951af75bb9f68ad1cfc3a67ff3896945b48698791f 3417 postgresql-9.1_9.1.14-0ubuntu0.12.04.dsc
 d0647ce563d18ae02bf68c5dd646a4c75e8b45b3a4fada64d481371fdc16f522 15666442 postgresql-9.1_9.1.14.orig.tar.bz2
 9c5eaed698da7a431797cbe75a08415ad91c05fc0e265f5292af8f0cf9237e9b 35208 postgresql-9.1_9.1.14-0ubuntu0.12.04.debian.tar.xz
Files:
 92be7350c350bd6cd23da4219b03ae02 3417 database optional postgresql-9.1_9.1.14-0ubuntu0.12.04.dsc
 34474254fefba82ce09e084a3ebb008d 15666442 database optional postgresql-9.1_9.1.14.orig.tar.bz2
 2448360438924376088e19d38e06568c 35208 database optional postgresql-9.1_9.1.14-0ubuntu0.12.04.debian.tar.xz
Original-Maintainer: Martin Pitt <mpitt at debian.org>

More information about the Precise-changes mailing list