[Pkg-postgresql-public] Bug#777152: unblock: postgresql-9.4/9.4.1-1

Christoph Berg christoph.berg at credativ.de
Thu Feb 5 16:18:00 UTC 2015


Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock

Please unblock package postgresql-9.4. The new version fixes a bunch
of CVEs, and a regression in postfix-pgsql. There are no changes in
debian/ (except of course for the changelog).

postgresql-9.4 (9.4.1-1) unstable; urgency=medium

  * New upstream version.
    + libpq5: Name lookups fixed in minimal chroots (Closes: #756627)
    + Fix buffer overruns in to_char() (CVE-2015-0241)
    + Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243)
    + Fix possible loss of frontend/backend protocol synchronization after an
      error (CVE-2015-0244)
    + Fix information leak via constraint-violation error messages
      (CVE-2014-8161)

 -- Christoph Berg <myon at debian.org>  Wed, 04 Feb 2015 17:55:28 +0100


unblock postgresql-9.4/9.4.1-1

Christoph
-- 
cb at df7cb.de | http://www.df7cb.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20150205/f9437335/attachment.sig>


More information about the Pkg-postgresql-public mailing list