Back to postgresql-13 PTS page

Accepted postgresql-13 13.10-0+deb11u1 (source) into proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted postgresql-13 13.10-0+deb11u1 (source) into proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 12 Feb 2023 19:32:13 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: postgresql-13_13.10-0+deb11u1_source.changes
Debian-source: postgresql-13
Debian-suite: proposed-updates
Debian-version: 13.10-0+deb11u1
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=kL0jfTU7hmh+pALs4wwzFdTDhPh8GnAZ+v5yKVwHzOU=; b=syJw++ZnrDRPQ8UL7mVXaHT0Oh fWJlNZ8yL4KoLz8zHWPSRXa8hCxlsfLCwzXX2KuNYgcTMU63tZSOBvfG1Bl93C3rLSeZMEjo1vCFZ hPBq3ZOTerfZc/NMIlySkLTgOIcHkHsXVBsviYtanpLc6MQbegOxQh2HdHjYc2r/fvCcJ35DRiUkq 6mvasW/Fd2mIOpaeEYJtCsvakBGZrGTC9pSA2u+TA9eOR10Tkh7Nr1JNbm6G6hlYmxPT9i4Bctnq2 nSBO3oiE1cg/68bJ4oTNHDESDO6K0b0VbhR1+MuE7XrAXND6T5sCZmvG0ljxIgccAEQAw8f2E8UjA pXDLW6MQ==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1pRI57-00D0o2-Bb@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 Feb 2023 15:28:39 +0100
Source: postgresql-13
Architecture: source
Version: 13.10-0+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-13 (13.10-0+deb11u1) bullseye; urgency=medium
 .
   * New upstream version.
 .
     + libpq can leak memory contents after GSSAPI transport encryption
       initiation fails (Jacob Champion)
 .
       A modified server, or an unauthenticated man-in-the-middle, can send a
       not-zero-terminated error message during setup of GSSAPI (Kerberos)
       transport encryption.  libpq will then copy that string, as well as
       following bytes in application memory up to the next zero byte, to its
       error report. Depending on what the calling application does with the
       error report, this could result in disclosure of application memory
       contents.  There is also a small probability of a crash due to reading
       beyond the end of memory.  Fix by properly zero-terminating the server
       message. (CVE-2022-41862)
Checksums-Sha1:
 0eee67c09cba080cca441fd4fade36a1a025a7f5 3703 postgresql-13_13.10-0+deb11u1.dsc
 429963ec9858d8f4eab6bb2c5bffd0b52ea94eb6 21457594 postgresql-13_13.10.orig.tar.bz2
 f94ea86f84a06ddcba1d413960804b7565fa099a 29704 postgresql-13_13.10-0+deb11u1.debian.tar.xz
Checksums-Sha256:
 2b23229ab9a89c2df6c2e6301177c7b09106386e744d92dd301a8c445093b46d 3703 postgresql-13_13.10-0+deb11u1.dsc
 5bbcf5a56d85c44f3a8b058fb46862ff49cbc91834d07e295d02e6de3c216df2 21457594 postgresql-13_13.10.orig.tar.bz2
 360305293cf52bb73973596aba091a00de6da371713d87bcf5f0f79c3966f670 29704 postgresql-13_13.10-0+deb11u1.debian.tar.xz
Files:
 c6ce7d488909522195fe22b82613c997 3703 database optional postgresql-13_13.10-0+deb11u1.dsc
 72ef0eb5f9fdc5a837c14cd19c5007a0 21457594 database optional postgresql-13_13.10.orig.tar.bz2
 d381a86e421b831b3323a92cb3984534 29704 database optional postgresql-13_13.10-0+deb11u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmPmAZYACgkQTFprqxLS
p64AxA/+Io/lpWr2w73y04Rw4Xe8n6IAqIQY/jZgx6bBXIcMUSUVRg7tPRs8eatC
X7iXYR1Qo/Jjf2/7rKyZV3HoNEmjKMiZRbybMwUuHxLNvuAGW/3RCCFyKp+FtqaV
aRMJU3cLF2ArVSIpxJWEh1BP26D6zVUKNwbJGj54AW6KpO82FMDaHmz9cgV1qKVT
JRxe3qIDK7yEjDeD6bY/PFnB0xG4cThRYvfWCId3btTejGMAF6knYfPqjuHs2nr7
zJ1ueSUo1q9DIS1S44dQUke10Z1rCPYNXlU8Gog2TC28fKW5g+XejZlr22nxFue5
BTFFMaAWk4XLrYUUXWekGzlvWZQUnZgNtfpHMO8gaOXns11whHTWJ8AVnYh7Bndc
ldMjqZaXuXrKP/Tqhj4lLoK9+bYnuV7KMtR5f2/leB0QzMsJ2EkXf1YcrEGJYDEb
IC3RLPkUDTKXEY0SH40DYPK2DHwo9hl1yzKpkwbALhqtW5SMpOqEsAu11MRyDTPR
D3Eg4OuKwCaN5gXlattvM/po2w2L79SHwv+k2BJ0gcgGaASJz4OsYYut+RxZaQaa
l3ZZ6ZTO7qiFiM6wkl9pGKqlA8bt4JN/GmI4PuXkH2sqm5TpRyJ5I8CL3XuM2eIG
835ayFvcqLZnlkZuTb5oolSK1WvhEEeDozf2AFZIdJhlSHz0vHw=
=NBWx
-----END PGP SIGNATURE-----