[ubuntu/precise-security] postgresql-9.1 9.1.15-0ubuntu0.12.04 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Feb 11 17:53:46 UTC 2015

postgresql-9.1 (9.1.15-0ubuntu0.12.04) precise-security; urgency=medium

  * New upstream security/bug fix release (LP: #1418928)
    - Fix buffer overruns in to_char() [CVE-2015-0241]
    - Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
    - Fix possible loss of frontend/backend protocol synchronization after an
      error [CVE-2015-0244]
    - Fix information leak via constraint-violation error messages
    - See release notes for details about other fixes:

postgresql-9.1 (9.1.14-0ubuntu0.12.04) precise-proposed; urgency=medium

  * New upstream bug fix release: (LP: #1348176)
    - Various data integrity and other bug fixes.
    - Secure Unix-domain sockets of temporary postmasters started during make
       Any local user able to access the socket file could connect as the
       server's bootstrap superuser, then proceed to execute arbitrary code as
       the operating-system user running the test, as we previously noted in
       CVE-2014-0067. This change defends against that risk by placing the
       server's socket in a temporary, mode 0700 subdirectory of /tmp.
    - See release notes for details:
  * Drop pg_regress patches to run tests with socket in /tmp, obsolete with
    above upstream changes and not applicable any more.

postgresql-9.1 (9.1.13-0ubuntu0.12.04) precise-proposed; urgency=medium

  * New upstream bug fix release. No security issues or major data loss fixes
    this time, see release.html for details. (LP: #1294006)

Date: 2015-02-11 15:25:12.504147+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list