[ubuntu/precise-security] postgresql-9.1 9.1.15-0ubuntu0.12.04 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Feb 11 17:53:46 UTC 2015


postgresql-9.1 (9.1.15-0ubuntu0.12.04) precise-security; urgency=medium

  * New upstream security/bug fix release (LP: #1418928)
    - Fix buffer overruns in to_char() [CVE-2015-0241]
    - Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
    - Fix possible loss of frontend/backend protocol synchronization after an
      error [CVE-2015-0244]
    - Fix information leak via constraint-violation error messages
      [CVE-2014-8161]
    - See release notes for details about other fixes:
      http://www.postgresql.org/about/news/1569/

postgresql-9.1 (9.1.14-0ubuntu0.12.04) precise-proposed; urgency=medium

  * New upstream bug fix release: (LP: #1348176)
    - Various data integrity and other bug fixes.
    - Secure Unix-domain sockets of temporary postmasters started during make
      check.
      Any local user able to access the socket file could connect as the
      server's bootstrap superuser, then proceed to execute arbitrary code as
      the operating-system user running the test, as we previously noted in
      CVE-2014-0067. This change defends against that risk by placing the
      server's socket in a temporary, mode 0700 subdirectory of /tmp.
    - See release notes for details:
      http://www.postgresql.org/docs/current/static/release-9-1-14.html
  * Drop pg_regress patches to run tests with socket in /tmp, obsolete with
    above upstream changes and not applicable any more.

postgresql-9.1 (9.1.13-0ubuntu0.12.04) precise-proposed; urgency=medium

  * New upstream bug fix release. No security issues or major data loss fixes
    this time, see release.html for details. (LP: #1294006)

Date: 2015-02-11 15:25:12.504147+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.15-0ubuntu0.12.04