[ubuntu/raring-proposed] postgresql-9.1 9.1.9-1ubuntu1 (Accepted)
Martin Pitt
martin.pitt at ubuntu.com
Thu Apr 4 14:06:41 UTC 2013
postgresql-9.1 (9.1.9-1ubuntu1) raring; urgency=low
* Merge with Debian unstable. (LP: #1163184) Remaining Ubuntu changes:
- debian/rules: Configure for the Tcl/Tk 8.5 multiarch installation.
postgresql-9.1 (9.1.9-1) unstable; urgency=high
* Urgency high because of critical remote data destruction vulnerability.
* New upstream security/bug fix release:
- Fix insecure parsing of server command-line switches.
A connection request containing a database name that begins with
"-" could be crafted to damage or destroy files within the server's
data directory, even if the request is eventually rejected.
[CVE-2013-1899] (Closes: #704479)
- Reset OpenSSL randomness state in each postmaster child process.
This avoids a scenario wherein random numbers generated by
"contrib/pgcrypto" functions might be relatively easy for another
database user to guess. The risk is only significant when the
postmaster is configured with ssl = on but most connections don't
use SSL encryption. [CVE-2013-1900]
- Make REPLICATION privilege checks test current user not
authenticated user.
An unprivileged database user could exploit this mistake to call
pg_start_backup() or pg_stop_backup(), thus possibly interfering
with creation of routine backups. [CVE-2013-1901]
- Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
not appropriate to do so.
The core geometric types perform comparisons using "fuzzy"
equality, but gist_box_same must do exact comparisons, else GiST
indexes using it might become inconsistent. After installing this
update, users should "REINDEX" any GiST indexes on box, polygon,
circle, or point columns, since all of these use gist_box_same.
- Fix erroneous range-union and penalty logic in GiST indexes that
use "contrib/btree_gist" for variable-width data types, that is
text, bytea, bit, and numeric columns.
These errors could result in inconsistent indexes in which some
keys that are present would not be found by searches, and also in
useless index bloat. Users are advised to "REINDEX" such indexes
after installing this update.
- Fix bugs in GiST page splitting code for multi-column indexes.
These errors could result in inconsistent indexes in which some
keys that are present would not be found by searches, and also in
indexes that are unnecessarily inefficient to search. Users are
advised to "REINDEX" multi-column GiST indexes after installing
this update.
- See HISTORY/changelog.gz for details about the other bug fixes.
* Bump Standards-Version to 3.9.4 (no changes necessary).
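The three GiST items above tell administrators to REINDEX affected indexes but leave finding them to the reader. The following is an added example, not part of this changelog or of the PostgreSQL project, that enumerates what needs rebuilding from the system catalogs. It assumes psql access as a superuser (or the index owner) and must be run in each database of the cluster; it goes slightly beyond the text by also catching btree_gist's other variable-width opclasses (char(n), varbit), and adds a version check plus a list of roles holding REPLICATION, the privilege whose check CVE-2013-1901 corrects:

```sql
-- Added example (not from the Debian/Ubuntu changelog or the PostgreSQL
-- project): post-upgrade checks for the 9.1.9 fixes. Run in each database
-- with psql as a superuser. All names come from the catalogs; nothing about
-- the local schema is assumed.

-- 1. Confirm the running server is 9.1.9 or later. A postmaster that was not
--    restarted after the package upgrade still reports the old number.
SELECT current_setting('server_version_num')::int >= 90109 AS patched,
       version();

-- 2. CVE-2013-1901: roles holding REPLICATION. Before the fix an unprivileged
--    user could reach pg_start_backup()/pg_stop_backup(); after it, only these
--    roles (and superusers) can. Review the list for anything unexpected.
SELECT rolname, rolsuper
FROM   pg_roles
WHERE  rolreplication
ORDER  BY rolname;

-- 3. GiST indexes the release notes say to rebuild: multi-column GiST indexes,
--    indexes on box/polygon/circle/point keys (all use gist_box_same), and
--    contrib/btree_gist indexes on variable-width types. The last column is a
--    ready-to-run REINDEX statement for each hit.
WITH gist_keys AS (
    SELECT n.nspname,
           c.relname,
           i.indnatts,
           t.typname,
           opc.opcname
    FROM   pg_index      i
    JOIN   pg_class      c   ON c.oid = i.indexrelid
    JOIN   pg_namespace  n   ON n.oid = c.relnamespace
    JOIN   pg_am         am  ON am.oid = c.relam
    JOIN   pg_attribute  a   ON a.attrelid = i.indexrelid AND a.attnum > 0
    JOIN   pg_type       t   ON t.oid = a.atttypid
    -- indclass is an oidvector, subscripted from 0; attnum starts at 1
    JOIN   pg_opclass    opc ON opc.oid = i.indclass[a.attnum - 1]
    WHERE  am.amname = 'gist'
)
SELECT DISTINCT
       nspname,
       relname,
       CASE
         WHEN indnatts > 1                                     THEN 'multi-column GiST'
         WHEN typname IN ('box', 'polygon', 'circle', 'point') THEN 'gist_box_same'
         ELSE                                                       'btree_gist variable-width'
       END AS reason,
       'REINDEX INDEX ' || quote_ident(nspname) || '.' || quote_ident(relname) || ';'
           AS reindex_sql
FROM   gist_keys
WHERE  indnatts > 1
   OR  typname IN ('box', 'polygon', 'circle', 'point')
   OR  opcname IN ('gist_text_ops', 'gist_bpchar_ops', 'gist_bytea_ops',
                   'gist_bit_ops',  'gist_vbit_ops',   'gist_numeric_ops')
ORDER  BY nspname, relname;
```

Run the last query with psql -At and feed the reindex_sql column back into psql, one database at a time. REINDEX INDEX takes an exclusive lock on the index and blocks writes to its table for the duration, so schedule it; a REINDEX before the server is confirmed patched (query 1) rebuilds the index with the same buggy code and must be repeated.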
Date: Thu, 04 Apr 2013 16:01:02 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
https://launchpad.net/ubuntu/raring/+source/postgresql-9.1/9.1.9-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 04 Apr 2013 16:01:02 +0200
Source: postgresql-9.1
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1 postgresql-server-dev-9.1 postgresql-doc-9.1 postgresql-contrib-9.1 postgresql-plperl-9.1 postgresql-plpython-9.1 postgresql-plpython3-9.1 postgresql-pltcl-9.1
Architecture: source
Version: 9.1.9-1ubuntu1
Distribution: raring
Urgency: high
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 9.1
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql-9.1 - object-relational SQL database, version 9.1 server
postgresql-9.1-dbg - debug symbols for postgresql-9.1
postgresql-client-9.1 - front-end programs for PostgreSQL 9.1
postgresql-contrib-9.1 - additional facilities for PostgreSQL
postgresql-doc-9.1 - documentation for the PostgreSQL database management system
postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
postgresql-plpython-9.1 - PL/Python procedural language for PostgreSQL 9.1
postgresql-plpython3-9.1 - PL/Python 3 procedural language for PostgreSQL 9.1
postgresql-pltcl-9.1 - PL/Tcl procedural language for PostgreSQL 9.1
postgresql-server-dev-9.1 - development files for PostgreSQL 9.1 server-side programming
Closes: 704479
Launchpad-Bugs-Fixed: 1163184
Changes:
postgresql-9.1 (9.1.9-1ubuntu1) raring; urgency=low
.
* Merge with Debian unstable. (LP: #1163184) Remaining Ubuntu changes:
- debian/rules: Configure for the Tcl/Tk 8.5 multiarch installation.
.
postgresql-9.1 (9.1.9-1) unstable; urgency=high
.
* Urgency high because of critical remote data destruction vulnerability.
* New upstream security/bug fix release:
- Fix insecure parsing of server command-line switches.
A connection request containing a database name that begins with
"-" could be crafted to damage or destroy files within the server's
data directory, even if the request is eventually rejected.
[CVE-2013-1899] (Closes: #704479)
- Reset OpenSSL randomness state in each postmaster child process.
This avoids a scenario wherein random numbers generated by
"contrib/pgcrypto" functions might be relatively easy for another
database user to guess. The risk is only significant when the
postmaster is configured with ssl = on but most connections don't
use SSL encryption. [CVE-2013-1900]
- Make REPLICATION privilege checks test current user not
authenticated user.
An unprivileged database user could exploit this mistake to call
pg_start_backup() or pg_stop_backup(), thus possibly interfering
with creation of routine backups. [CVE-2013-1901]
- Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
not appropriate to do so.
The core geometric types perform comparisons using "fuzzy"
equality, but gist_box_same must do exact comparisons, else GiST
indexes using it might become inconsistent. After installing this
update, users should "REINDEX" any GiST indexes on box, polygon,
circle, or point columns, since all of these use gist_box_same.
- Fix erroneous range-union and penalty logic in GiST indexes that
use "contrib/btree_gist" for variable-width data types, that is
text, bytea, bit, and numeric columns.
These errors could result in inconsistent indexes in which some
keys that are present would not be found by searches, and also in
useless index bloat. Users are advised to "REINDEX" such indexes
after installing this update.
- Fix bugs in GiST page splitting code for multi-column indexes.
These errors could result in inconsistent indexes in which some
keys that are present would not be found by searches, and also in
indexes that are unnecessarily inefficient to search. Users are
advised to "REINDEX" multi-column GiST indexes after installing
this update.
- See HISTORY/changelog.gz for details about the other bug fixes.
* Bump Standards-Version to 3.9.4 (no changes necessary).
Checksums-Sha1:
613560896c9e101bcf2645e96b4bfed31a6bf583 3347 postgresql-9.1_9.1.9-1ubuntu1.dsc
7a1a93c3c50eccedc5ebe6608323de2e7ca8dc57 37179 postgresql-9.1_9.1.9-1ubuntu1.debian.tar.gz
Checksums-Sha256:
4875a94d28df2c7fa1a9bfa48fc7801978ad28341763da27e2ef0df759bcf55f 3347 postgresql-9.1_9.1.9-1ubuntu1.dsc
d9139e6bbfd5125299dd87b1e7094a099fc1ac878431601690b1c2a8c0ef15e8 37179 postgresql-9.1_9.1.9-1ubuntu1.debian.tar.gz
Files:
4fcb8a1d5b4247ee5de1e46daa408ccc 3347 database optional postgresql-9.1_9.1.9-1ubuntu1.dsc
c26942b41307b0c8bae06ad01b8ee4b7 37179 database optional postgresql-9.1_9.1.9-1ubuntu1.debian.tar.gz