[ubuntu/xenial-proposed] postgresql-9.5 9.5.7-0ubuntu0.16.04 (Accepted)

Christian Ehrhardt christian.ehrhardt at canonical.com
Thu May 18 21:23:37 UTC 2017 

postgresql-9.5 (9.5.7-0ubuntu0.16.04) xenial; urgency=medium

  * New upstream release (LP: #1690730)
    - Restrict visibility of pg_user_mappings.umoptions, to protect passwords
      stored as user mapping options (CVE-2017-7486)
    - Prevent exposure of statistical information via leaky operators
      (CVE-2017-7484)
    - Restore libpq's recognition of the PGREQUIRESSL environment variable
      (CVE-2017-7485)

    - A dump/restore is not required for those running 9.5.X.
    - However, if you use foreign data servers that make use of user passwords
      for authentication, see the first changelog entry.
    - Also, if you are using third-party replication tools that depend on
      "logical decoding", see the fourth changelog entry.

    - Details about other changes at full changelog:
      https://www.postgresql.org/docs/9.5/static/release-9-5-7.html

Date: Mon, 15 May 2017 08:46:07 +0200
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.7-0ubuntu0.16.04
-------------- next part --------------
Format: 1.8
Date: Mon, 15 May 2017 08:46:07 +0200
Source: postgresql-9.5
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.5 postgresql-9.5-dbg postgresql-client-9.5 postgresql-server-dev-9.5 postgresql-doc-9.5 postgresql-contrib-9.5 postgresql-plperl-9.5 postgresql-plpython-9.5 postgresql-plpython3-9.5 postgresql-pltcl-9.5
Architecture: source
Version: 9.5.7-0ubuntu0.16.04
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.5
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.5 - object-relational SQL database, version 9.5 server
 postgresql-9.5-dbg - debug symbols for postgresql-9.5
 postgresql-client-9.5 - front-end programs for PostgreSQL 9.5
 postgresql-contrib-9.5 - additional facilities for PostgreSQL
 postgresql-doc-9.5 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.5 - PL/Perl procedural language for PostgreSQL 9.5
 postgresql-plpython-9.5 - PL/Python procedural language for PostgreSQL 9.5
 postgresql-plpython3-9.5 - PL/Python 3 procedural language for PostgreSQL 9.5
 postgresql-pltcl-9.5 - PL/Tcl procedural language for PostgreSQL 9.5
 postgresql-server-dev-9.5 - development files for PostgreSQL 9.5 server-side programming
Launchpad-Bugs-Fixed: 1690730
Changes:
 postgresql-9.5 (9.5.7-0ubuntu0.16.04) xenial; urgency=medium
 .
   * New upstream release (LP: #1690730)
     - Restrict visibility of pg_user_mappings.umoptions, to protect passwords
       stored as user mapping options (CVE-2017-7486)
     - Prevent exposure of statistical information via leaky operators
       (CVE-2017-7484)
     - Restore libpq's recognition of the PGREQUIRESSL environment variable
       (CVE-2017-7485)
 .
     - A dump/restore is not required for those running 9.5.X.
     - However, if you use foreign data servers that make use of user passwords
       for authentication, see the first changelog entry.
     - Also, if you are using third-party replication tools that depend on
       "logical decoding", see the fourth changelog entry.
 .
     - Details about other changes at full changelog:
       https://www.postgresql.org/docs/9.5/static/release-9-5-7.html
Checksums-Sha1:
 1159d08de8f1b72920c7707114cc5454be433990 3649 postgresql-9.5_9.5.7-0ubuntu0.16.04.dsc
 3bb9675025cf1c2a5722f45a0fc8d0891669e094 18639775 postgresql-9.5_9.5.7.orig.tar.bz2
 8a4a18bda808fda435af8825921ab1ae07e64d7a 22800 postgresql-9.5_9.5.7-0ubuntu0.16.04.debian.tar.xz
Checksums-Sha256:
 36b43ca58aa6322849453abe952984d63608e38b08a9e8cdeabc9dd0baa997c1 3649 postgresql-9.5_9.5.7-0ubuntu0.16.04.dsc
 8b1e936f82109325decc0f5575e846b93fb4fd384e8c4bde83ff5e7f87fc6cad 18639775 postgresql-9.5_9.5.7.orig.tar.bz2
 8bf7070ff65567ad61aee0793489cf85b7216ec9b7a87ba5601d16668b9e77c6 22800 postgresql-9.5_9.5.7-0ubuntu0.16.04.debian.tar.xz
Files:
 329e8cd717c178edab94eaed8a4c1e55 3649 database optional postgresql-9.5_9.5.7-0ubuntu0.16.04.dsc
 8f225bc596ab953ec57f8f9ebfd66b92 18639775 database optional postgresql-9.5_9.5.7.orig.tar.bz2
 8017fead88b96ad3a83af5a0635d11d8 22800 database optional postgresql-9.5_9.5.7-0ubuntu0.16.04.debian.tar.xz
Original-Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>

More information about the Xenial-changes mailing list