Accepted postgresql-9.1 9.1.23-0+deb7u1 (source amd64 all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 10 Aug 2016 13:52:25 +0200
Source: postgresql-9.1
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1 postgresql-server-dev-9.1 postgresql-doc-9.1 postgresql-contrib-9.1 postgresql-plperl-9.1 postgresql-plpython-9.1 postgresql-plpython3-9.1 postgresql-pltcl-9.1
Architecture: source amd64 all
Version: 9.1.23-0+deb7u1
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg@credativ.de>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 9.1
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql-9.1 - object-relational SQL database, version 9.1 server
postgresql-9.1-dbg - debug symbols for postgresql-9.1
postgresql-client-9.1 - front-end programs for PostgreSQL 9.1
postgresql-contrib-9.1 - additional facilities for PostgreSQL
postgresql-doc-9.1 - documentation for the PostgreSQL database management system
postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
postgresql-plpython-9.1 - PL/Python procedural language for PostgreSQL 9.1
postgresql-plpython3-9.1 - PL/Python 3 procedural language for PostgreSQL 9.1
postgresql-pltcl-9.1 - PL/Tcl procedural language for PostgreSQL 9.1
postgresql-server-dev-9.1 - development files for PostgreSQL 9.1 server-side programming
Changes:
postgresql-9.1 (9.1.23-0+deb7u1) wheezy-security; urgency=medium
.
* New upstream security release.
.
+ Fix possible mis-evaluation of nested CASE-WHEN expressions
(Heikki Linnakangas, Michael Paquier, Tom Lane)
.
A CASE expression appearing within the test value subexpression of
another CASE could become confused about whether its own test value was
null or not. Also, inlining of a SQL function implementing the equality
operator used by a CASE expression could result in passing the wrong
test value to functions called within a CASE expression in the SQL
function's body. If the test values were of different data types, a
crash might result; moreover such situations could be abused to allow
disclosure of portions of server memory. (CVE-2016-5423)
.
+ Fix client programs' handling of special characters in database and role
names (Noah Misch, Nathan Bossart, Michael Paquier)
.
Numerous places in vacuumdb and other client programs could become
confused by database and role names containing double quotes or
backslashes. Tighten up quoting rules to make that safe. Also, ensure
that when a conninfo string is used as a database name parameter to
these programs, it is correctly treated as such throughout.
.
Fix handling of paired double quotes in psql's \connect and \password
commands to match the documentation.
.
Introduce a new -reuse-previous option in psql's \connect command to
allow explicit control of whether to re-use connection parameters from a
previous connection. (Without this, the choice is based on whether the
database name looks like a conninfo string, as before.) This allows
secure handling of database names containing special characters in
pg_dumpall scripts.
.
pg_dumpall now refuses to deal with database and role names containing
carriage returns or newlines, as it seems impractical to quote those
characters safely on Windows. In future we may reject such names on the
server side, but that step has not been taken yet.
.
These are considered security fixes because crafted object names
containing special characters could have been used to execute commands
with superuser privileges the next time a superuser executes pg_dumpall
or other routine maintenance operations. (CVE-2016-5424)
Checksums-Sha1:
215f402b93bba48177aa180e9a5332562224121f 3339 postgresql-9.1_9.1.23-0+deb7u1.dsc
9b3c51c4b40d69e6d84c1a0ac464828b559f7362 15856178 postgresql-9.1_9.1.23.orig.tar.bz2
28f4d7acd6210b430cbcf56f1956167c9f784764 41227 postgresql-9.1_9.1.23-0+deb7u1.debian.tar.gz
c2266b56c92be3907b1ff7b84993878202145b53 196620 libpq-dev_9.1.23-0+deb7u1_amd64.deb
c18f8093ea1e5626b5851182a6dec9653996ced2 140850 libpq5_9.1.23-0+deb7u1_amd64.deb
b5cc14632bc25b5dab4659d51cae7ef259df0aef 96904 libecpg6_9.1.23-0+deb7u1_amd64.deb
5ff4b4235ae30679ecfd7e276e10cc5da93cf838 228742 libecpg-dev_9.1.23-0+deb7u1_amd64.deb
addff255f5b7ad8c8208aad6f99fa21463761316 34352 libecpg-compat3_9.1.23-0+deb7u1_amd64.deb
e9244139bf55402ef8522d90a453cd9af95d926e 55584 libpgtypes3_9.1.23-0+deb7u1_amd64.deb
215755b1329e8ec79994db7b75400e7155b93ebf 3281416 postgresql-9.1_9.1.23-0+deb7u1_amd64.deb
4ba838e28fa3afdd9b0930345667a55cbd144bc3 6733612 postgresql-9.1-dbg_9.1.23-0+deb7u1_amd64.deb
b1fe082ac8d7018e4e4b41edc2b4536dab31cf03 1007630 postgresql-client-9.1_9.1.23-0+deb7u1_amd64.deb
3580c81add8152323756a129bb73732f240ac17d 557438 postgresql-server-dev-9.1_9.1.23-0+deb7u1_amd64.deb
a6fc5adb827d1bd632b8c971963c4e7c68b68894 1619640 postgresql-doc-9.1_9.1.23-0+deb7u1_all.deb
cb29c7f9c865dae0de3047c9a1964420e93daba7 366690 postgresql-contrib-9.1_9.1.23-0+deb7u1_amd64.deb
9838d90d2d12fd2b6f238ef124f3c9f846fcacfc 74964 postgresql-plperl-9.1_9.1.23-0+deb7u1_amd64.deb
ded564fcab48a21bc8e075412b16080be863184a 58954 postgresql-plpython-9.1_9.1.23-0+deb7u1_amd64.deb
a3f6974367f7930f3a9cc0f23bad08d0e178b316 58620 postgresql-plpython3-9.1_9.1.23-0+deb7u1_amd64.deb
10b29a408f7265095911fcff0c1a162b03e983ae 48954 postgresql-pltcl-9.1_9.1.23-0+deb7u1_amd64.deb
Checksums-Sha256:
22b36898a0d5875572a194e94caae9bb6fb1a53c9bd3fb38785f4f15c532fe66 3339 postgresql-9.1_9.1.23-0+deb7u1.dsc
7f7471e8b3b369726f1c1df0e6a163dde63b6546c4bba985c1f36a574c75f6d5 15856178 postgresql-9.1_9.1.23.orig.tar.bz2
7eed53b001fd6652813893003e020e3db636b1b80210a0c83023b3b8899a75bf 41227 postgresql-9.1_9.1.23-0+deb7u1.debian.tar.gz
3e6cf53a3aa8df81e826ebfbc4ef272f2525a98c5ad1cfb5bd0c693e2b581a85 196620 libpq-dev_9.1.23-0+deb7u1_amd64.deb
6317ea45dfab390a8290257a947dd61b0bc9724c08c4ba8bfc2943e627262160 140850 libpq5_9.1.23-0+deb7u1_amd64.deb
905f57835d03dc9e0281f3bc8335300221b67f59a8e7052a636b25311dcb388d 96904 libecpg6_9.1.23-0+deb7u1_amd64.deb
add40a0a7ab1e9370e262edeb4ff6a9bc5a184169d968d78aa34377d91e91102 228742 libecpg-dev_9.1.23-0+deb7u1_amd64.deb
cc3e0c704f05e906ad349637bb4ee3c77c5cbb1113b3d73027f24dedfdbc728c 34352 libecpg-compat3_9.1.23-0+deb7u1_amd64.deb
55fd68ff63db9c0e6a80bc9d424ae254c6ae3d7391b3bc42d340e3245f14cc4b 55584 libpgtypes3_9.1.23-0+deb7u1_amd64.deb
e74b64811a78707276ab3ce93ce372ed3096d44a5e10992a9bf9b790f7f082b2 3281416 postgresql-9.1_9.1.23-0+deb7u1_amd64.deb
e1ad951d1f848fb70f65c9dc72462009118cdbf39a58f739888683e9cb85eccf 6733612 postgresql-9.1-dbg_9.1.23-0+deb7u1_amd64.deb
17a1b8b41644190ce8ddf058f9b700f6a61a9db79f945323dc566b63303f66f2 1007630 postgresql-client-9.1_9.1.23-0+deb7u1_amd64.deb
9625754d1e47b67fe4f3c63555f1485319ace64fa14d0c46396e39b188887180 557438 postgresql-server-dev-9.1_9.1.23-0+deb7u1_amd64.deb
4563b3d78a0dc69c65dec5b0b140db78356193f96787a122c3fc6cb32c2da528 1619640 postgresql-doc-9.1_9.1.23-0+deb7u1_all.deb
07ba942c5130b7e544b3d27030f5d9dea33fbf18045879e52e33fa2f1cbb7f31 366690 postgresql-contrib-9.1_9.1.23-0+deb7u1_amd64.deb
124dd69f071090340eeb8043bb6ac4bdd496f498c9236aabf1177c566f05847f 74964 postgresql-plperl-9.1_9.1.23-0+deb7u1_amd64.deb
8ffc5b67b388e59a67e9b50b8b1cade6a4c9c6f65969c7e1753295477c5e50a4 58954 postgresql-plpython-9.1_9.1.23-0+deb7u1_amd64.deb
c4fdd025a2ef917f5d84d78d1c087902f56faebe2c9376c29a38dc8db4b25290 58620 postgresql-plpython3-9.1_9.1.23-0+deb7u1_amd64.deb
17179b0831f42c41001495ffd3335f7dec3d6f9b7102b0cf15f60b9fa8e079bb 48954 postgresql-pltcl-9.1_9.1.23-0+deb7u1_amd64.deb
Files:
eb5340455a460ebaa97aa7656c4b8519 3339 database optional postgresql-9.1_9.1.23-0+deb7u1.dsc
0b8e663270374206da01e3729b1e1575 15856178 database optional postgresql-9.1_9.1.23.orig.tar.bz2
3088d1df9dda592e8b7ff5763507dda1 41227 database optional postgresql-9.1_9.1.23-0+deb7u1.debian.tar.gz
25d494b17f489257ab063bd175b01219 196620 libdevel optional libpq-dev_9.1.23-0+deb7u1_amd64.deb
594a27a6eb8dba2e1b491cc88cb93829 140850 libs optional libpq5_9.1.23-0+deb7u1_amd64.deb
1157832d9af72376e9d218c11098587a 96904 libs optional libecpg6_9.1.23-0+deb7u1_amd64.deb
a1c6eddebee222c55be55bb7454e9517 228742 libdevel optional libecpg-dev_9.1.23-0+deb7u1_amd64.deb
8ce94685f8103b0dde2de8a004b83614 34352 libs optional libecpg-compat3_9.1.23-0+deb7u1_amd64.deb
f57f72a220e1c201fbe15bcb87270cb5 55584 libs optional libpgtypes3_9.1.23-0+deb7u1_amd64.deb
c2907365f7475b4082250707277f320a 3281416 database optional postgresql-9.1_9.1.23-0+deb7u1_amd64.deb
eedec74fef005f117d813486f5dba86f 6733612 debug extra postgresql-9.1-dbg_9.1.23-0+deb7u1_amd64.deb
413fca53f3259f66075b3be87e05880c 1007630 database optional postgresql-client-9.1_9.1.23-0+deb7u1_amd64.deb
2c3db1bc8a666a738a427cc2d7d916d2 557438 libdevel optional postgresql-server-dev-9.1_9.1.23-0+deb7u1_amd64.deb
57f76a07a2ec8fb8a807205072faee23 1619640 doc optional postgresql-doc-9.1_9.1.23-0+deb7u1_all.deb
8ee52010c25a6440cd2238bd7e5de18e 366690 database optional postgresql-contrib-9.1_9.1.23-0+deb7u1_amd64.deb
b491da4d377e129dcaa66c55943fa226 74964 database optional postgresql-plperl-9.1_9.1.23-0+deb7u1_amd64.deb
8672d837ff51a33b4b9731e483a98871 58954 database optional postgresql-plpython-9.1_9.1.23-0+deb7u1_amd64.deb
8d2f358f2c9daa7e8751a1764792f09d 58620 database optional postgresql-plpython3-9.1_9.1.23-0+deb7u1_amd64.deb
a75bb7f46b10bf131b57afca0e8bc53d 48954 database optional postgresql-pltcl-9.1_9.1.23-0+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXqxxqAAoJEExaa6sS0qeuv2MP/2cz8KSEl4l6UU2p3TAt90pu
E33zB3ZOsc/AltJaV0MHXp109PocZtn6GRiSS6K12JN37AjeekZXB4C3Dv7JNLRF
sfLs3Fnui/aqU+uw5N/HhWwla3eoAcpPHUu4LKO5jV1Yw9fDPcA44vJrvYF2zhWw
8LuVbV7kPeqrufbbHhoDAOVzgNmGcALabGHJoFpQqzKpyKD4cQwsQLLM8FXb0VYM
gv+zwvyVx8qwwOGjzB05A487BY+ipW2L6U3NTntc+DC81lJ2ri2NsXaaftO0RaaR
KcF8Peymq+Do3xx2xQ2hadBZGn2zI416zdfEsQY37eEOOAIXNRRr2AJyUw9ph/cQ
XgYRTId6AMqFJP72pwZg1qthtT+vrVdtbcF6YkmnFXxj72B/04mVxfPRdT2jxven
0qnd4Gv5H6j67bWLEw9uxgi9NfxDLSeZIQiqs0t8l2Db9eeUQ2w8uW4o13IxD+cC
1mFZZ51XAySYTUymyTaBVfV2pDVNs+locdyImtxOE4XtYnKko5GcxKlPIYNXSVNe
O3CIaIyWnHObrcVvRGkHDjifqO866vT1WmiyPgFeXupN4lwlGpU3U23kzYpbk56L
jzuOqZJw64/lInSE5nui9t1xldxc946TMNA61ASmEIUivSTOKc2l+cCrA/83Ow02
8x7V5EMefwHseLlT3TXa
=bhFD
-----END PGP SIGNATURE-----