Format: 1.8
Date: Tue, 18 Jun 2019 11:03:14 +0200
Source: postgresql-11
Architecture: source
Version: 11.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-11 (11.4-1) unstable; urgency=medium
 .
   * New upstream version.
     + Fix buffer-overflow hazards in SCRAM verifier parsing (Jonathan Katz,
       Heikki Linnakangas, Michael Paquier)
 .
       Any authenticated user could cause a stack-based buffer overflow by
       changing their own password to a purpose-crafted value. In addition
       to the ability to crash the PostgreSQL server, this could suffice for
       executing arbitrary code as the PostgreSQL operating system account.
 .
       A similar overflow hazard existed in libpq, which could allow a rogue
       server to crash a client or perhaps execute arbitrary code as the
       client's operating system account.
 .
       The PostgreSQL Project thanks Alexander Lakhin for reporting this
       problem.
       (CVE-2019-10164)