Back to postgresql-9.4 PTS page

Accepted postgresql-9.4 9.4.2-1 (source amd64 all) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 20 May 2015 10:50:22 +0200
Source: postgresql-9.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.4 postgresql-9.4-dbg postgresql-client-9.4 postgresql-server-dev-9.4 postgresql-doc-9.4 postgresql-contrib-9.4 postgresql-plperl-9.4 postgresql-plpython-9.4 postgresql-plpython3-9.4 postgresql-pltcl-9.4
Architecture: source amd64 all
Version: 9.4.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg@credativ.de>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.4
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.4 - object-relational SQL database, version 9.4 server
 postgresql-9.4-dbg - debug symbols for postgresql-9.4
 postgresql-client-9.4 - front-end programs for PostgreSQL 9.4
 postgresql-contrib-9.4 - additional facilities for PostgreSQL
 postgresql-doc-9.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.4 - PL/Perl procedural language for PostgreSQL 9.4
 postgresql-plpython-9.4 - PL/Python procedural language for PostgreSQL 9.4
 postgresql-plpython3-9.4 - PL/Python 3 procedural language for PostgreSQL 9.4
 postgresql-pltcl-9.4 - PL/Tcl procedural language for PostgreSQL 9.4
 postgresql-server-dev-9.4 - development files for PostgreSQL 9.4 server-side programming
Closes: 781361
Changes:
 postgresql-9.4 (9.4.2-1) unstable; urgency=medium
 .
   * New upstream version.
 .
     + Avoid possible crash when client disconnects just before the
       authentication timeout expires (Benkocs Norbert Attila)
 .
       If the timeout interrupt fired partway through the session shutdown
       sequence, SSL-related state would be freed twice, typically causing a
       crash and hence denial of service to other sessions.  Experimentation
       shows that an unauthenticated remote attacker could trigger the bug
       somewhat consistently, hence treat as security issue. (CVE-2015-3165)
 .
     + Improve detection of system-call failures (Noah Misch)
 .
       Our replacement implementation of snprintf() failed to check for errors
       reported by the underlying system library calls; the main case that
       might be missed is out-of-memory situations. In the worst case this
       might lead to information exposure, due to our code assuming that a
       buffer had been overwritten when it hadn't been. Also, there were a few
       places in which security-relevant calls of other system library
       functions did not check for failure.
 .
       It remains possible that some calls of the *printf() family of functions
       are vulnerable to information disclosure if an out-of-memory error
       occurs at just the wrong time.  We judge the risk to not be large, but
       will continue analysis in this area. (CVE-2015-3166)
 .
     + In contrib/pgcrypto, uniformly report decryption failures as Wrong key
       or corrupt data (Noah Misch)
 .
       Previously, some cases of decryption with an incorrect key could report
       other error message texts.  It has been shown that such variance in
       error reports can aid attackers in recovering keys from other systems.
       While it's unknown whether pgcrypto's specific behaviors are likewise
       exploitable, it seems better to avoid the risk by using a
       one-size-fits-all message. (CVE-2015-3167)
 .
     + Protect against wraparound of multixact member IDs
       (Álvaro Herrera, Robert Haas, Thomas Munro)
 .
       Under certain usage patterns, the existing defenses against this might
       be insufficient, allowing pg_multixact/members files to be removed too
       early, resulting in data loss.
       The fix for this includes modifying the server to fail transactions that
       would result in overwriting old multixact member ID data, and improving
       autovacuum to ensure it will act proactively to prevent multixact member
       ID wraparound, as it does for transaction ID wraparound.
 .
     + pg_dump -Fd -Z compression level fixed. (Closes: #781361)
 .
   * Make postgresql-9.4 Recommends: postgresql-contrib-9.4.
   * Enable TAP tests.
   * Repository moved to git, update Vcs headers.
Checksums-Sha1:
 06d7f0ae54b07176726006a83eef2290c5db01dd 3490 postgresql-9.4_9.4.2-1.dsc
 c1ec1254a3ebcef71594000426efab7f07230fe5 17611143 postgresql-9.4_9.4.2.orig.tar.bz2
 1ec359bb2e1e8d18143e4953ac620f358c0e6a01 20828 postgresql-9.4_9.4.2-1.debian.tar.xz
 1917179cf216a7e7f8b03a7b46b4192405170483 161950 libpq-dev_9.4.2-1_amd64.deb
 3a5357f966965d97a34d9ecd3c78f6d24f94fc0a 121692 libpq5_9.4.2-1_amd64.deb
 fe1aa057d0b5dab988add00c58d1b93ff7701fb4 78304 libecpg6_9.4.2-1_amd64.deb
 bbf68615dac40666959d2920ae9e0b7866daa4c2 215358 libecpg-dev_9.4.2-1_amd64.deb
 302d1e246fb3b0b1cb56b2c584fac1da2f94265b 14052 libecpg-compat3_9.4.2-1_amd64.deb
 c4dc26dfa3fa873db04287df210589ff9ac705f5 36062 libpgtypes3_9.4.2-1_amd64.deb
 17bb46e4d27ca4da4fd11b6d588109f7e0e33218 3715920 postgresql-9.4_9.4.2-1_amd64.deb
 6fa8cc37640887afa016c8a513e2a4c8c17480a8 12041452 postgresql-9.4-dbg_9.4.2-1_amd64.deb
 588163026b681c6808c8399711436cd5344abe74 1069650 postgresql-client-9.4_9.4.2-1_amd64.deb
 935d2b421ea5ec6ec7bc0bbbeea30cc744c8b5be 635234 postgresql-server-dev-9.4_9.4.2-1_amd64.deb
 3e41c1c2e06b1a7275c831809f4044a1b3e2bf27 1825758 postgresql-doc-9.4_9.4.2-1_all.deb
 64b9166008433f3af6efed8207c257e41671e647 448526 postgresql-contrib-9.4_9.4.2-1_amd64.deb
 c92c3fa9d3f97f9fd68d91aab49d89d3596e5878 54986 postgresql-plperl-9.4_9.4.2-1_amd64.deb
 bacb885fa4132b38e9cdf337296ae05ca0ab3020 43224 postgresql-plpython-9.4_9.4.2-1_amd64.deb
 04dc5801f78ddf89e96ef17d944ade268d283de3 42742 postgresql-plpython3-9.4_9.4.2-1_amd64.deb
 1d5ee2b0878de6719f4ccda986541ef9055d104c 28890 postgresql-pltcl-9.4_9.4.2-1_amd64.deb
Checksums-Sha256:
 2e8f335d24414d45e4187e8f9dea308523e0abadf95a009c161eb5921ebf8d2f 3490 postgresql-9.4_9.4.2-1.dsc
 81fda191c165ba1d25d75cd0166ece5abdcb4a7f5eca01b349371e279ebb4d11 17611143 postgresql-9.4_9.4.2.orig.tar.bz2
 d9dc033f3fde0485d90415009cace71498847d15f23af6640ca8d5e8c0184c48 20828 postgresql-9.4_9.4.2-1.debian.tar.xz
 9a6a6cce9e8e57804a08c085da60b7f486c3413f94d88df3a8c1900a8b4c2f3e 161950 libpq-dev_9.4.2-1_amd64.deb
 2dcf4b384245cb216b7c732d0a44df1770ce43a3c8ad6e42ef281b53b097f40c 121692 libpq5_9.4.2-1_amd64.deb
 3e035eceee38949fd84c9882c61d4ad9d2a969e1816e540f24df683c4ebf59ef 78304 libecpg6_9.4.2-1_amd64.deb
 10bdc4e71629291108c9f961add4e0644382b49bbc98c80008b2e74b030e622e 215358 libecpg-dev_9.4.2-1_amd64.deb
 134164aa27cde457356573f4cde448cc71c90265cdb60df0a5db54646faacc39 14052 libecpg-compat3_9.4.2-1_amd64.deb
 86b3e7338fba1ab62e464e845483ac06dccffb175702ada284741b4c638e1791 36062 libpgtypes3_9.4.2-1_amd64.deb
 f3034af028ea53b1b4e5fabee19bb60477cf3592b66bcc88a829125dfc31352d 3715920 postgresql-9.4_9.4.2-1_amd64.deb
 cb7c9ea234845286d5c6f9f828bcb5535b6079be945f44c6e4dc56cbec20afc1 12041452 postgresql-9.4-dbg_9.4.2-1_amd64.deb
 6a0cc9bdc80ba54f956c98bb4a464d2054d8d0f7edd73dc7d37ab2f6a0191587 1069650 postgresql-client-9.4_9.4.2-1_amd64.deb
 1b68b55bc9c4f35c019844a5bdc4bd3e61c0cd80f728cdf120d72b61ec7e55be 635234 postgresql-server-dev-9.4_9.4.2-1_amd64.deb
 8facd64e8931432771c7fb49e41fef0e27a8cb9745439b065b7c1bf2a9ef322d 1825758 postgresql-doc-9.4_9.4.2-1_all.deb
 37454b88686bd693a444f4c09068251437d5ff4314856b307d71400951cb3e73 448526 postgresql-contrib-9.4_9.4.2-1_amd64.deb
 1773bb6168b8895dc803050bd3ab94df9c2a073e6c22667d6bddbc496ba634f0 54986 postgresql-plperl-9.4_9.4.2-1_amd64.deb
 0190851080720800fd721b8a7067c897f5ab55b80a25ae503d9919661fef5964 43224 postgresql-plpython-9.4_9.4.2-1_amd64.deb
 51b0f927ff83dfe45b14e59a011060864bfbb8ea0dc5dc55c3e49d96b1a63204 42742 postgresql-plpython3-9.4_9.4.2-1_amd64.deb
 022e61dd9d47f1560fbf832f97a9b213732a5bc06ddfb315dcbdfa2c4444a12a 28890 postgresql-pltcl-9.4_9.4.2-1_amd64.deb
Files:
 2fe14cbfc8464bf66f3efc6fa6d058b3 3490 database optional postgresql-9.4_9.4.2-1.dsc
 b6369156607a4fd88f21af6fec0f30b9 17611143 database optional postgresql-9.4_9.4.2.orig.tar.bz2
 7ca5a6301e08ef9dba67af732e11c47a 20828 database optional postgresql-9.4_9.4.2-1.debian.tar.xz
 4e4a19b14b5b38b752455a92a88e9fb3 161950 libdevel optional libpq-dev_9.4.2-1_amd64.deb
 1670873f38086f4cbca7c05a379480ca 121692 libs optional libpq5_9.4.2-1_amd64.deb
 1caf230291847e92b4722d2913562fd4 78304 libs optional libecpg6_9.4.2-1_amd64.deb
 8aca1c1e482b591ac5d74f8d5804b99a 215358 libdevel optional libecpg-dev_9.4.2-1_amd64.deb
 37719ddeaf6ae7adcb404a20e7fe8e41 14052 libs optional libecpg-compat3_9.4.2-1_amd64.deb
 ef44ec1d77177e650d5b4a6e13dded0b 36062 libs optional libpgtypes3_9.4.2-1_amd64.deb
 7d0f5a5fd5e0c12967e2370a26f2913a 3715920 database optional postgresql-9.4_9.4.2-1_amd64.deb
 b3bd73dcdf830d4cad5ab933cfba02d2 12041452 debug extra postgresql-9.4-dbg_9.4.2-1_amd64.deb
 348962307008c34fee34ac22f07dfb5e 1069650 database optional postgresql-client-9.4_9.4.2-1_amd64.deb
 9174bd325fadbc01efd7be75d05285c7 635234 libdevel optional postgresql-server-dev-9.4_9.4.2-1_amd64.deb
 ffd95a49cb5f79e2b86dbc40bc69bf59 1825758 doc optional postgresql-doc-9.4_9.4.2-1_all.deb
 0f0a995293c3d8fd05bf85415db8052b 448526 database optional postgresql-contrib-9.4_9.4.2-1_amd64.deb
 dfca74324af3a0776019d1f7c12a5009 54986 database optional postgresql-plperl-9.4_9.4.2-1_amd64.deb
 15452256f9d702cbf18bd43db8463aee 43224 database optional postgresql-plpython-9.4_9.4.2-1_amd64.deb
 f7e04a37f6eb910e9a843a44f058dc11 42742 database optional postgresql-plpython3-9.4_9.4.2-1_amd64.deb
 75f8aab77d7ff8a1b50e0aad26ecae37 28890 database optional postgresql-pltcl-9.4_9.4.2-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVXycNAAoJEExaa6sS0qeuiEAP/3knLQCccqpFprYCIznuU6T/
9fePRmjEgb8whYqzZ/GcOApqeoZTHXO1Mxr1DH9C6cZ0YdCSDarqkjE8SByLWiDy
aVbdGdJZ8J9DthZkj1TnCB1Cz5vyADsRkCoCDoxYxSjs7iWJl2gjpWDGnrFP5PyW
Ipxu3xGehMJ3mFnCuVB7InbPiXoHADU9FYYLQaTtKvSL+MHUxJ+aKPhRit8/XEo5
pJi3/MbnXx69R9Y/h1dtbhxNogFFmGmtbfxlk57ib5WqxQ8bgXPwDTuQ1WNd3J34
dSDED6si7sO1pXoLz78FpZTrEgwTehHmNtJQmJulkl5jul7F52cK4xN7kF4yLUTT
1ZJLlQBlm8fZhL9CBbJ71RZ1wzGCKBsvroj+l56Nae4G5+EEKBb8QQO8Ca8ZQOAZ
yf2e7fXHOZJpGoFHRcLmGL5Gd74qRaCzFfto/fWN9kK7Ht3XVMYKX5g382q+o4de
WDBY1I8W4yjubcpgFvJ2Cf1Avng3+K2QGK9jTkRzFxa7/evLoA4xznDYWk2xfLiY
NOqMvLSBp82R2yaR4q1tYB+nbEMBRsrwkjIFCf86mQ1kfLfqH18xfT81Rsq61LV0
2DCT4E2Hn3hCz71yB07YqB3Pw94O5KSRDGE5QSxlA1/meJA1Txvjk2BZjdoXegd7
WhqWm5Fkw3bGLI5nP/Ao
=NhYX
-----END PGP SIGNATURE-----