Accepted postgresql-15 15.2-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted postgresql-15 15.2-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 09 Feb 2023 14:40:18 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: postgresql-15_15.2-1_source.changes
- Debian-source: postgresql-15
- Debian-suite: unstable
- Debian-version: 15.2-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=bY7JxjWyom4Cj4bNOWm9sJfepc+0v2rx/YaoKWxATGM=; b=OoSSsE0T2Obi61BDqu6mqAPPDO tT+tQ/AOKgMdXBBhIHmZKHQ9gGgNoFf5v7LytwnW4s1nS63PygDf1wJonaSKSka2Id+nLUWljckHX id4Mj0JMcNPP/tGOnzJsR5EQ+8kgkxhN4G0HvQ5YC/QOQBAI/3tgC1zMSCGI3jJXnGTpeQ4+1Ymwj fNpKJFqN9K8zbKKGJiT/gz92j7stDMHoCeeDnA3ihQ0ngSS/hWMOuBqLnhJvWgu/DcRSl6k3P2ego g/m/y6OcoeUlqQFcz9RYAM/zECUVC6GfQT2qElWD7MLzpDDbsc7FTwNys0k1sOKOecEjYeRnYknbb FxNuzDpw==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pQ85y-00G2dL-WC@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 07 Feb 2023 14:57:10 +0100
Source: postgresql-15
Architecture: source
Version: 15.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
postgresql-15 (15.2-1) unstable; urgency=medium
.
* New upstream version.
.
+ libpq can leak memory contents after GSSAPI transport encryption
initiation fails (Jacob Champion)
.
A modified server, or an unauthenticated man-in-the-middle, can send a
not-zero-terminated error message during setup of GSSAPI (Kerberos)
transport encryption. libpq will then copy that string, as well as
following bytes in application memory up to the next zero byte, to its
error report. Depending on what the calling application does with the
error report, this could result in disclosure of application memory
contents. There is also a small probability of a crash due to reading
beyond the end of memory. Fix by properly zero-terminating the server
message. (CVE-2022-41862)
Checksums-Sha1:
1582682bab8d0eac9c3c06d330c786f7996d30bd 3878 postgresql-15_15.2-1.dsc
8c7706a7ef267e49026434378836b76e4d4ad532 22688379 postgresql-15_15.2.orig.tar.bz2
4c1571187ba20c09169797c6279af4c774496055 22528 postgresql-15_15.2-1.debian.tar.xz
Checksums-Sha256:
20e89ad20ef0b4edc3527926e019024cb9398454f121e3640aad24fbd7e66107 3878 postgresql-15_15.2-1.dsc
99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7 22688379 postgresql-15_15.2.orig.tar.bz2
20ae9286ecbae9d4ffa16e871c6bbfcf644532e95a1ca5c7524315a6278aa3c5 22528 postgresql-15_15.2-1.debian.tar.xz
Files:
570f14d90382b9409356ecb974be7c3d 3878 database optional postgresql-15_15.2-1.dsc
968418dbdd700caaccfeabcee7516496 22688379 database optional postgresql-15_15.2.orig.tar.bz2
184c9135138e2c4758e3652f4fc1e225 22528 database optional postgresql-15_15.2-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmPirPoACgkQTFprqxLS
p64z3Q//S9wvB2tGRfcyyvbkayE/lPhQbpoE97Rbt4/5SCf+6A/hnXputAFzCuiT
3tgacJbDcbIkqZgSYtM/Y8U+fpE6SbW1Ma3JgA0CAS/hvkfO95lWz24R/Gr6aDdm
nCmer0IZKKKqX6C+Ty3/uM7AG8ZvWfRT9VsIUtZBCJNLe6p7jhK2C/QfwdtxZjm6
XAtZcFfShldj/RpadHh12gZWWkQmyYEKMQnKNc+upKJSSfEr9Iq/cVgUM6dwqu7V
efymLhMYojq8rhrvBPVbt3NWor6IdIkaNOXhBP243aq6yTVLGey7kK3mVHoj/r1J
YQvDtoVMUOrxuN4UFLXuOk7ZiwP8iQd6Vgiso9UhFT1vaQ+LFtGiakRsbrCcXDc0
NwRyIRtE4bg9lGK4XdlDF4G4Ki9EoonS2H6RmbvSV8qFDkaSxjYXpxjJGL6SkH5H
ukaNZknWFfjKK7a0o370JjgiPBeRZ+ggFZx/+0h0NoVYXmHmDae2ntE9yShGrMqJ
HfDwdmB0GREdM9I5qOv4664+7oGsxJIVj7iJhVwFKZjBcsg2tF7mKUnF9oVFeIeW
219y2wSqSSlGwo3o+a9gUfXJql+K+FGFPpy8nUuSsCX2eHwkUZpw2ICE90tLi9rX
gp1xAi51F/FSMzI8A+P3RxMT69/+Pfqqwn6AmVmZu0BGMAj8ijg=
=LNRk
-----END PGP SIGNATURE-----