Accepted postgresql 7.4.7-6sarge4 (source i386 all)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  4 Feb 2007 21:46:34 +0100
Source: postgresql
Binary: postgresql-client libecpg4 libpgtcl-dev libpq3 postgresql-doc libecpg-dev postgresql-dev postgresql libpgtcl postgresql-contrib
Architecture: source i386 all
Version: 7.4.7-6sarge4
Distribution: stable-security
Urgency: low
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description: 
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg4   - run-time library for ECPG programs
 libpgtcl   - Tcl procedural language, library and front-end for PostgreSQL
 libpgtcl-dev - Tcl library for PostgreSQL - development files
 libpq3     - PostgreSQL C client library
 postgresql - object-relational SQL database management system
 postgresql-client - front-end programs for PostgreSQL
 postgresql-contrib - additional facilities for PostgreSQL
 postgresql-dev - development files for libpq (PostgreSQL library)
 postgresql-doc - documentation for the PostgreSQL database management system
Changes: 
 postgresql (7.4.7-6sarge4) stable-security; urgency=low
 .
   * SECURITY UPDATE: Read out arbitrary memory locations from the server,
     local DoS.
   * Add debian/patches/60sql_fun_typecheck.patch:
     - Repair insufficiently careful type checking for SQL-language functions.
       Not only can one trivially crash the backend, but with appropriate
       misuse of pass-by-reference datatypes it is possible to read out
       arbitrary locations in the server process's memory, which could allow
       retrieving database content the user should not be able to see.
     - Discovered by Jeff Trout.
     - Patch backported from 7.4.16 from CVS:
       http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/functions.c.diff?r1=1.75.2.1;r2=1.75.2.2
       http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/optimizer/util/clauses.c.diff?r1=1.154.2.4;r2=1.154.2.5
     - CVE-2007-0555
   * Add debian/patches/61max_utf8_wchar_len.patch:
     - Update various string functions to support the maximum UTF-8 sequence
       length for 4-byte character set to prevent buffer overflows.
     - Patch backported from 7.4.16 from CVS:
       http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/mb/wchar.c.diff?r1=1.34.2.2;r2=1.34.2.3
Files: 
 de5120c58a4e9b9aae438fb99f8b7ec0 985 misc optional postgresql_7.4.7-6sarge4.dsc
 e977e480e0c8355d618cf1ce89f837eb 190657 misc optional postgresql_7.4.7-6sarge4.diff.gz
 447f1f950fcaf70c26f34fc434ef916f 2267500 doc optional postgresql-doc_7.4.7-6sarge4_all.deb
 6e463595ef31b82d83168a400537d461 3799884 misc optional postgresql_7.4.7-6sarge4_i386.deb
 dd94f235e33bd902ad0c1823958201a7 539990 misc optional postgresql-client_7.4.7-6sarge4_i386.deb
 82075269a3b5244d12424314b8768ef5 516302 libdevel optional postgresql-dev_7.4.7-6sarge4_i386.deb
 8a8014bd10986ed46ff60d6349c958ee 128782 libs optional libpq3_7.4.7-6sarge4_i386.deb
 4ab2297836511eae9242d54ee74392e8 95700 libs optional libecpg4_7.4.7-6sarge4_i386.deb
 222c65e0e6579d9ad405f24180c239d8 207826 libdevel optional libecpg-dev_7.4.7-6sarge4_i386.deb
 d47257bc80be8d9a20015a3b6b9d0b58 78572 libs optional libpgtcl_7.4.7-6sarge4_i386.deb
 7337781eb3ed33d3acca9532dd8cdd85 56210 libdevel optional libpgtcl-dev_7.4.7-6sarge4_i386.deb
 a5937ef6381e5f951420d698d28dc802 626306 misc optional postgresql-contrib_7.4.7-6sarge4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFF03/1Xm3vHE4uyloRAnRcAKDVVY4RwoZP6zQpEbar1dlyTeuhRQCgtQtC
37xrXDVAI8KCic2EGEMzl+0=
=mIph
-----END PGP SIGNATURE-----


Accepted:
libecpg-dev_7.4.7-6sarge4_i386.deb
  to pool/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_i386.deb
libecpg4_7.4.7-6sarge4_i386.deb
  to pool/main/p/postgresql/libecpg4_7.4.7-6sarge4_i386.deb
libpgtcl-dev_7.4.7-6sarge4_i386.deb
  to pool/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_i386.deb
libpgtcl_7.4.7-6sarge4_i386.deb
  to pool/main/p/postgresql/libpgtcl_7.4.7-6sarge4_i386.deb
libpq3_7.4.7-6sarge4_i386.deb
  to pool/main/p/postgresql/libpq3_7.4.7-6sarge4_i386.deb
postgresql-client_7.4.7-6sarge4_i386.deb
  to pool/main/p/postgresql/postgresql-client_7.4.7-6sarge4_i386.deb
postgresql-contrib_7.4.7-6sarge4_i386.deb
  to pool/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_i386.deb
postgresql-dev_7.4.7-6sarge4_i386.deb
  to pool/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_i386.deb
postgresql-doc_7.4.7-6sarge4_all.deb
  to pool/main/p/postgresql/postgresql-doc_7.4.7-6sarge4_all.deb
postgresql_7.4.7-6sarge4.diff.gz
  to pool/main/p/postgresql/postgresql_7.4.7-6sarge4.diff.gz
postgresql_7.4.7-6sarge4.dsc
  to pool/main/p/postgresql/postgresql_7.4.7-6sarge4.dsc
postgresql_7.4.7-6sarge4_i386.deb
  to pool/main/p/postgresql/postgresql_7.4.7-6sarge4_i386.deb