[ubuntu/wily-security] postgresql-9.4 9.4.6-0ubuntu0.15.10 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Feb 11 17:46:14 UTC 2016
postgresql-9.4 (9.4.6-0ubuntu0.15.10) wily-security; urgency=medium
* New upstream security/bug fix release: (LP: #1544576)
- Fix infinite loops and buffer-overrun problems in regular expressions.
Very large character ranges in bracket expressions could cause infinite
loops in some cases, and memory overwrites in other cases.
(CVE-2016-0773)
- Prevent certain PL/Java parameters from being set by non-superusers.
This change mitigates a PL/Java security bug (CVE-2016-0766), which was
fixed in PL/Java by marking these parameters as superuser-only. To fix
the security hazard for sites that update PostgreSQL more frequently
than PL/Java, make the core code aware of them also.
- See release notes for details about other fixes.
Date: 2016-02-11 15:50:13.396315+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.6-0ubuntu0.15.10
-------------- next part --------------
Sorry, changesfile not available.
More information about the Wily-changes
mailing list