[Pkg-postgresql-public] postgresql-9.1_9.1.14-0+deb7u1_amd64.changes
Christoph Berg
myon at debian.org
Mon Jul 28 18:21:14 UTC 2014
Hi,
I've uploaded the usual PostgreSQL minor release to wheezy. While the
changelog mentions a CVE number, upstream doesn't really consider this
as a security fix, as it just extends the prior "let's document the
problem" fix for this using technical measures (and the problem wasn't
severe anyway).
Please consider it for the next wheezy point release.
Re: Debian FTP Masters 2014-07-28 <E1XBp3v-0002we-Jm at franck.debian.org>
> Mapping wheezy to stable.
> Mapping stable to proposed-updates.
>
> Accepted:
>
> Format: 1.8
> Date: Mon, 28 Jul 2014 14:58:08 +0200
> Source: postgresql-9.1
> Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1 postgresql-server-dev-9.1 postgresql-doc-9.1 postgresql-contrib-9.1 postgresql-plperl-9.1 postgresql-plpython-9.1 postgresql-plpython3-9.1 postgresql-pltcl-9.1
> Architecture: source amd64 all
> Version: 9.1.14-0+deb7u1
> Distribution: wheezy
> Urgency: medium
> Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public at lists.alioth.debian.org>
> Changed-By: Christoph Berg <myon at debian.org>
> Description:
> libecpg-compat3 - older version of run-time library for ECPG programs
> libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
> libecpg6 - run-time library for ECPG programs
> libpgtypes3 - shared library libpgtypes for PostgreSQL 9.1
> libpq-dev - header files for libpq5 (PostgreSQL library)
> libpq5 - PostgreSQL C client library
> postgresql-9.1 - object-relational SQL database, version 9.1 server
> postgresql-9.1-dbg - debug symbols for postgresql-9.1
> postgresql-client-9.1 - front-end programs for PostgreSQL 9.1
> postgresql-contrib-9.1 - additional facilities for PostgreSQL
> postgresql-doc-9.1 - documentation for the PostgreSQL database management system
> postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
> postgresql-plpython-9.1 - PL/Python procedural language for PostgreSQL 9.1
> postgresql-plpython3-9.1 - PL/Python 3 procedural language for PostgreSQL 9.1
> postgresql-pltcl-9.1 - PL/Tcl procedural language for PostgreSQL 9.1
> postgresql-server-dev-9.1 - development files for PostgreSQL 9.1 server-side programming
> Changes:
> postgresql-9.1 (9.1.14-0+deb7u1) wheezy; urgency=medium
> .
> * New upstream release. Noteworthy changes:
> + Secure Unix-domain sockets of temporary postmasters started during make
> check (Noah Misch)
> .
> Any local user able to access the socket file could connect as the
> server's bootstrap superuser, then proceed to execute arbitrary code as
> the operating-system user running the test, as we previously noted in
> CVE-2014-0067. This change defends against that risk by placing the
> server's socket in a temporary, mode 0700 subdirectory of /tmp.
> .
> * Remove debian/pg_regress-in-tmp.patch.
> Checksums-Sha1:
> 200cc2c581680d13b6e3cd0c0c2109ee14cde9f9 3337 postgresql-9.1_9.1.14-0+deb7u1.dsc
> 88c4b33d49e834eddae9fbae3028f453b73ae2a6 15666442 postgresql-9.1_9.1.14.orig.tar.bz2
> f7edd84f6532a6a6b4c7a6a7ad3d9e8ec55b983e 39278 postgresql-9.1_9.1.14-0+deb7u1.debian.tar.gz
> a3648bfe348f6fe4dfb9b4f0062ba66a08370362 192984 libpq-dev_9.1.14-0+deb7u1_amd64.deb
> d14d14bca0479f8a2325b7beed16c7d1f99792fb 137230 libpq5_9.1.14-0+deb7u1_amd64.deb
> ed24b77de7d4ccccbbd02b30f5dddfbc2a938ec0 94332 libecpg6_9.1.14-0+deb7u1_amd64.deb
> 8e7ca70bc154be640c6a2420b3b591e7d6f53970 225968 libecpg-dev_9.1.14-0+deb7u1_amd64.deb
> f1f735fbc09e125f899ae2972aa3ac4eb945360e 32116 libecpg-compat3_9.1.14-0+deb7u1_amd64.deb
> fa3196bd0aaf46a2728589ec8604acdce5baf47e 53444 libpgtypes3_9.1.14-0+deb7u1_amd64.deb
> cb436001957ef2690b84ea027385754028f7ddae 3278764 postgresql-9.1_9.1.14-0+deb7u1_amd64.deb
> a607a2746077156246f2b989360c462e89531b1f 6694882 postgresql-9.1-dbg_9.1.14-0+deb7u1_amd64.deb
> 1e4c637fa0da4c275f2f1acfa97901facda57ef4 996004 postgresql-client-9.1_9.1.14-0+deb7u1_amd64.deb
> 015dda2b60bd79dd280e2cd99de1ca2b3185ecab 553710 postgresql-server-dev-9.1_9.1.14-0+deb7u1_amd64.deb
> 034fae5cac1716e7a141492df9313a4411c7f305 1632892 postgresql-doc-9.1_9.1.14-0+deb7u1_all.deb
> 8012cd4c806aec931dd31aa349e4a7a3e6c126e9 364150 postgresql-contrib-9.1_9.1.14-0+deb7u1_amd64.deb
> dba15da4fd542804ebfcd2fc7a5169e4ac0b1012 72572 postgresql-plperl-9.1_9.1.14-0+deb7u1_amd64.deb
> 44b1a0d21cc6c3b7cae9772820308bdf73b27448 57056 postgresql-plpython-9.1_9.1.14-0+deb7u1_amd64.deb
> 859840c4d01829a4a4f8d3d2e29e8a45853f60e1 56466 postgresql-plpython3-9.1_9.1.14-0+deb7u1_amd64.deb
> f32c22b04a8f5ff0dbe6837db71522d46de46c56 46748 postgresql-pltcl-9.1_9.1.14-0+deb7u1_amd64.deb
> Checksums-Sha256:
> 967a4329e376d2cc9b34c8b16bd87bed7cf21e03316b5c25448c550172dcef7d 3337 postgresql-9.1_9.1.14-0+deb7u1.dsc
> d0647ce563d18ae02bf68c5dd646a4c75e8b45b3a4fada64d481371fdc16f522 15666442 postgresql-9.1_9.1.14.orig.tar.bz2
> 023d0c832fade6eaed9bf702e7ad1523aa3d0617b85b967c06b3610c9b7b42e6 39278 postgresql-9.1_9.1.14-0+deb7u1.debian.tar.gz
> 286c824d89b2a6964c1ba90086f3bf729585957a160a9a15d66ba9e646b3f835 192984 libpq-dev_9.1.14-0+deb7u1_amd64.deb
> d3b302e4d44cc4dae63387d58d28032025b2e8078f9b8697bda45b7c89b35416 137230 libpq5_9.1.14-0+deb7u1_amd64.deb
> 4440fc1467dc274a8d11b6b1a1400275543bfad46ad19d906e9103ae3e3498a2 94332 libecpg6_9.1.14-0+deb7u1_amd64.deb
> c56be5dd0f2cfdf6af4b11969c38aef01a9a3118fa44e365fb3770a942550947 225968 libecpg-dev_9.1.14-0+deb7u1_amd64.deb
> a6a9e2ec3831e208aaf31e9ba44280dd1aec1a07c15e2e73a255a07003e8f945 32116 libecpg-compat3_9.1.14-0+deb7u1_amd64.deb
> 25525983783fe0d7c2d58ccdce4e805c28ef08619acdb73279feec802a13f66b 53444 libpgtypes3_9.1.14-0+deb7u1_amd64.deb
> 5d14cbd325868a261d689a63bc9e1f87da551c10260ee2e61fef9ba5263098bb 3278764 postgresql-9.1_9.1.14-0+deb7u1_amd64.deb
> f90c4f74f3e8d05e6b0e5982a895175b3f90bf15f86ad1494baaeb6285818d1a 6694882 postgresql-9.1-dbg_9.1.14-0+deb7u1_amd64.deb
> d1faa3ae340aff47547999428e63d824307e7279130bc078cd7b67beab51e90d 996004 postgresql-client-9.1_9.1.14-0+deb7u1_amd64.deb
> 8263e82f9c7691194e0af106f6cf932a0c770da17f61d5600b0381dda3cc7613 553710 postgresql-server-dev-9.1_9.1.14-0+deb7u1_amd64.deb
> 644915d399cf2aa87719dc5a89d341c8d9e1134cd9b92c23bc5b4173d7172776 1632892 postgresql-doc-9.1_9.1.14-0+deb7u1_all.deb
> c91d26a4ac453c2bde453d38cb4deeb612cb9c5270559cb8af65170add36d375 364150 postgresql-contrib-9.1_9.1.14-0+deb7u1_amd64.deb
> 6366e1f942ba3cdbe23cb373f0b8b5ec0eb118fd53ffddb2df99636013a7de17 72572 postgresql-plperl-9.1_9.1.14-0+deb7u1_amd64.deb
> 2733f174a2fb20ee599b642fbd940a7759d8e426f068af6a40f6cf918623cf3b 57056 postgresql-plpython-9.1_9.1.14-0+deb7u1_amd64.deb
> ea385369454b7b8cd9bd5ea78bb454d7135501cc782aaef3ce1323d4ad20df41 56466 postgresql-plpython3-9.1_9.1.14-0+deb7u1_amd64.deb
> f553620e6b5712d5817d64449b848033ffda5128d2d4a3c7f367777480a6bd94 46748 postgresql-pltcl-9.1_9.1.14-0+deb7u1_amd64.deb
> Files:
> dc47f1033f548f53e8193af359961639 3337 database optional postgresql-9.1_9.1.14-0+deb7u1.dsc
> 34474254fefba82ce09e084a3ebb008d 15666442 database optional postgresql-9.1_9.1.14.orig.tar.bz2
> b616eb167f9abf0442ee8d457f7434e6 39278 database optional postgresql-9.1_9.1.14-0+deb7u1.debian.tar.gz
> 06b74e985515ad09337c2b8a804cd810 192984 libdevel optional libpq-dev_9.1.14-0+deb7u1_amd64.deb
> 1933f3b975c9dd61faed139ea307590d 137230 libs optional libpq5_9.1.14-0+deb7u1_amd64.deb
> 8f0f643ef330312428e7dbf339c83eb5 94332 libs optional libecpg6_9.1.14-0+deb7u1_amd64.deb
> e3faabef062df048e5419dab87634d43 225968 libdevel optional libecpg-dev_9.1.14-0+deb7u1_amd64.deb
> 0462467664182754c17c0775d48b523d 32116 libs optional libecpg-compat3_9.1.14-0+deb7u1_amd64.deb
> 05192714f81e17550b6fd138625e30ed 53444 libs optional libpgtypes3_9.1.14-0+deb7u1_amd64.deb
> 09728fcfeee9cbd5f248434e806dc2b4 3278764 database optional postgresql-9.1_9.1.14-0+deb7u1_amd64.deb
> edaef9fe9b8405ac03f2d831e2643ecd 6694882 debug extra postgresql-9.1-dbg_9.1.14-0+deb7u1_amd64.deb
> 511638ee5738da0e27c3c04553ba3ae8 996004 database optional postgresql-client-9.1_9.1.14-0+deb7u1_amd64.deb
> 0b1dd3866a5ee0d67cbab598e9441f2a 553710 libdevel optional postgresql-server-dev-9.1_9.1.14-0+deb7u1_amd64.deb
> fab9ef059076c17e1b6c62b24d820afb 1632892 doc optional postgresql-doc-9.1_9.1.14-0+deb7u1_all.deb
> 71061e19c21084032719d88195871242 364150 database optional postgresql-contrib-9.1_9.1.14-0+deb7u1_amd64.deb
> c65df929d6fa6bf099feafc5c2f94583 72572 database optional postgresql-plperl-9.1_9.1.14-0+deb7u1_amd64.deb
> 4f9765d621e869855d4acd0bc201b143 57056 database optional postgresql-plpython-9.1_9.1.14-0+deb7u1_amd64.deb
> c29df9577dca12d8db22d43e3c4effce 56466 database optional postgresql-plpython3-9.1_9.1.14-0+deb7u1_amd64.deb
> 421baa7fc7b73f65c0390705a26e9e9a 46748 database optional postgresql-pltcl-9.1_9.1.14-0+deb7u1_amd64.deb
>
>
>
> Thank you for your contribution to Debian.
>
Christoph
--
cb at df7cb.de | http://www.df7cb.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20140728/8c89dce4/attachment.sig>
More information about the Pkg-postgresql-public
mailing list