[ubuntu/wily-proposed] postgresql-9.4 9.4.5-1 (Accepted)
Martin Pitt
martin.pitt at ubuntu.com
Thu Oct 8 20:48:23 UTC 2015
postgresql-9.4 (9.4.5-1) unstable; urgency=medium
* New upstream version.
+ Guard against stack overflows in json parsing (Oskari Saarenmaa)
If an application constructs PostgreSQL json or jsonb values from
arbitrary user input, the application's users can reliably crash the
PostgreSQL server, causing momentary denial of service. (CVE-2015-5289)
+ Fix contrib/pgcrypto to detect and report too-short crypt() salts
(Josh Kupershmidt)
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of attacks
that arrange for presence of confidential information in the disclosed
bytes, but they seem unlikely. (CVE-2015-5288)
* debian/rules: Call dh without --parallel, it's not supported upstream.
Date: 2015-10-08 16:17:00.504699+00:00
Signed-By: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.5-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Wily-changes
mailing list