Accepted postgresql 7.4.7-6sarge5 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 20 Apr 2007 11:30:38 +0200
Source: postgresql
Binary: postgresql-client libecpg4 libpgtcl-dev libpq3 postgresql-doc libecpg-dev postgresql-dev postgresql libpgtcl postgresql-contrib
Architecture: source i386 all
Version: 7.4.7-6sarge5
Distribution: oldstable-security
Urgency: high
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg4 - run-time library for ECPG programs
libpgtcl - Tcl procedural language, library and front-end for PostgreSQL
libpgtcl-dev - Tcl library for PostgreSQL - development files
libpq3 - PostgreSQL C client library
postgresql - object-relational SQL database management system
postgresql-client - front-end programs for PostgreSQL
postgresql-contrib - additional facilities for PostgreSQL
postgresql-dev - development files for libpq (PostgreSQL library)
postgresql-doc - documentation for the PostgreSQL database management system
Changes:
postgresql (7.4.7-6sarge5) oldstable-security; urgency=high
.
* SECURITY UPDATE: User privilege escalation.
* Add debian/patches/62secure_search_path.path:
  - Support explicit placement of the temporary-table schema within
    search_path. This is needed to allow a security-definer function to set a
    truly secure value of search_path. Without it, a malicious user can use
    temporary objects to execute code with the privileges of the
    security-definer function. Even pushing the temp schema to the back of
    the search path is not quite good enough, because a function or operator
    at the back of the path might still capture control from one nearer the
    front due to having a more exact datatype match. Hence, disable searching
    the temp schema altogether for functions and operators. [CVE-2007-2138]
  - Patch backported from 7.4.17 CVS:
    http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/namespace.c.diff?r1=1.58;r2=1.58.2.1
  - Add test cases for the placement of the temp schema in the search path.
    Backported from 7.4.17 CVS:
    http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/temp.out.diff?r1=1.9;r2=1.9.2.1
    http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/sql/temp.sql.diff?r1=1.5;r2=1.5.4.1
* Add debian/docs.patch: manpage and HTML documentation patches which
  explain the changes above. Upstream keeps them in the SGML source, but
  since we do not build this and instead use the pre-built files which come
  in man.tar.gz and postgresql.tar.gz, we cannot use a regular
  debian/patches/ patch for this.
* debian/rules: Apply debian/docs.patch in the install target to update the
  files in the binary install directories.
Files:
42364a5bc0fbda1e5ec7100b8f3fc8b9 985 misc optional postgresql_7.4.7-6sarge5.dsc
6546035d00ff6536cb8b6dbdf8491659 197037 misc optional postgresql_7.4.7-6sarge5.diff.gz
f4af6b5d537415580d0f2bd7e625f28f 2269634 doc optional postgresql-doc_7.4.7-6sarge5_all.deb
e92888dde398de6637cc6686ca900f7e 3801758 misc optional postgresql_7.4.7-6sarge5_i386.deb
cdac43dd3b3e669c524f939db8f5c755 540308 misc optional postgresql-client_7.4.7-6sarge5_i386.deb
b89b25ac78829c550789fc0c042a0969 517604 libdevel optional postgresql-dev_7.4.7-6sarge5_i386.deb
71a0df3eb8af64d10eae8413a3aa02b7 129396 libs optional libpq3_7.4.7-6sarge5_i386.deb
2d2732964bfb537535af6d9ebc77e33c 96294 libs optional libecpg4_7.4.7-6sarge5_i386.deb
dc044eab8600c9dc4acc68314529a365 208340 libdevel optional libecpg-dev_7.4.7-6sarge5_i386.deb
31ecb4321020e974b743d5b001f0d845 79188 libs optional libpgtcl_7.4.7-6sarge5_i386.deb
1afed3a2e4530040e358392bcda5f710 56800 libdevel optional libpgtcl-dev_7.4.7-6sarge5_i386.deb
9228e22f7d6b7e9f9ae9e69cba579ed9 627058 misc optional postgresql-contrib_7.4.7-6sarge5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFGZwJ3Xm3vHE4uyloRAmswAKDbvsUMosxiDfHt6uW36o9c949qkwCg1/Wt
ZylAheV3VoVQKUZEMvuz4W0=
=HnD5
-----END PGP SIGNATURE-----
Accepted:
libecpg-dev_7.4.7-6sarge5_i386.deb
to pool/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_i386.deb
libecpg4_7.4.7-6sarge5_i386.deb
to pool/main/p/postgresql/libecpg4_7.4.7-6sarge5_i386.deb
libpgtcl-dev_7.4.7-6sarge5_i386.deb
to pool/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_i386.deb
libpgtcl_7.4.7-6sarge5_i386.deb
to pool/main/p/postgresql/libpgtcl_7.4.7-6sarge5_i386.deb
libpq3_7.4.7-6sarge5_i386.deb
to pool/main/p/postgresql/libpq3_7.4.7-6sarge5_i386.deb
postgresql-client_7.4.7-6sarge5_i386.deb
to pool/main/p/postgresql/postgresql-client_7.4.7-6sarge5_i386.deb
postgresql-contrib_7.4.7-6sarge5_i386.deb
to pool/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_i386.deb
postgresql-dev_7.4.7-6sarge5_i386.deb
to pool/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_i386.deb
postgresql-doc_7.4.7-6sarge5_all.deb
to pool/main/p/postgresql/postgresql-doc_7.4.7-6sarge5_all.deb
postgresql_7.4.7-6sarge5.diff.gz
to pool/main/p/postgresql/postgresql_7.4.7-6sarge5.diff.gz
postgresql_7.4.7-6sarge5.dsc
to pool/main/p/postgresql/postgresql_7.4.7-6sarge5.dsc
postgresql_7.4.7-6sarge5_i386.deb
to pool/main/p/postgresql/postgresql_7.4.7-6sarge5_i386.deb
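
Added example, not part of the upload notice or of the Debian/PostgreSQL patches: the search_path hardening described in the changelog above, shown as a security-definer function without and with a pinned search_path that places pg_temp last, followed by an audit query. It assumes PostgreSQL 8.4 or later (the per-function SET clause and unnest() are not available in 7.4); the schema app_admin, table credentials, role app_user and both function names are hypothetical.

```sql
-- Hypothetical objects, constructed for illustration.
CREATE SCHEMA app_admin;
CREATE TABLE app_admin.credentials (
    username text PRIMARY KEY,
    pwd_hash text NOT NULL
);
CREATE ROLE app_user NOLOGIN;

-- Weak form: nothing pins search_path, so the unqualified name
-- "credentials" is resolved through the caller's search_path, where the
-- temporary-table schema is searched first by default.
CREATE FUNCTION app_admin.check_credential_weak(p_user text, p_hash text)
RETURNS boolean LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
    RETURN EXISTS (SELECT 1 FROM credentials c
                   WHERE c.username = p_user AND c.pwd_hash = p_hash);
END;
$$;

-- Hardened form: trusted schema first, pg_temp explicitly last, so a
-- caller's temporary table cannot shadow app_admin.credentials.
CREATE FUNCTION app_admin.check_credential(p_user text, p_hash text)
RETURNS boolean LANGUAGE plpgsql SECURITY DEFINER
SET search_path = app_admin, pg_temp AS $$
BEGIN
    RETURN EXISTS (SELECT 1 FROM credentials c
                   WHERE c.username = p_user AND c.pwd_hash = p_hash);
END;
$$;

-- EXECUTE is granted to PUBLIC by default; restrict it to the intended role.
REVOKE ALL ON FUNCTION app_admin.check_credential(text, text) FROM PUBLIC;
GRANT USAGE ON SCHEMA app_admin TO app_user;
GRANT EXECUTE ON FUNCTION app_admin.check_credential(text, text) TO app_user;

-- Audit: list SECURITY DEFINER functions that carry no search_path setting.
-- With the objects above, only check_credential_weak is returned.
SELECT n.nspname AS schema_name, p.proname AS function_name
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM pg_catalog.unnest(coalesce(p.proconfig, '{}'::text[])) AS c(setting)
        WHERE c.setting LIKE 'search_path=%')
ORDER BY 1, 2;
```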