-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 26 Aug 2021 15:14:41 +0200 Source: postgresql-9.6 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.6 postgresql-9.6-dbg postgresql-client-9.6 postgresql-server-dev-9.6 postgresql-doc-9.6 postgresql-contrib-9.6 postgresql-plperl-9.6 postgresql-plpython-9.6 postgresql-plpython3-9.6 postgresql-pltcl-9.6 Architecture: source Version: 9.6.23-0+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org> Changed-By: Christoph Berg <myon@debian.org> Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 9.6 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-9.6 - object-relational SQL database, version 9.6 server postgresql-9.6-dbg - debug symbols for postgresql-9.6 postgresql-client-9.6 - front-end programs for PostgreSQL 9.6 postgresql-contrib-9.6 - additional facilities for PostgreSQL postgresql-doc-9.6 - documentation for the PostgreSQL database management system postgresql-plperl-9.6 - PL/Perl procedural language for PostgreSQL 9.6 postgresql-plpython-9.6 - PL/Python procedural language for PostgreSQL 9.6 postgresql-plpython3-9.6 - PL/Python 3 procedural language for PostgreSQL 9.6 postgresql-pltcl-9.6 - PL/Tcl procedural language for PostgreSQL 9.6 postgresql-server-dev-9.6 - development files for PostgreSQL 9.6 server-side programming Changes: postgresql-9.6 (9.6.23-0+deb9u1) stretch-security; urgency=medium . * New upstream version. . + Disallow SSL renegotiation more completely (Michael Paquier) . SSL renegotiation has been disabled for some time, but the server would still cooperate with a client-initiated renegotiation request. A maliciously crafted renegotiation request could result in a server crash (see OpenSSL issue CVE-2021-3449). Disable the feature altogether on OpenSSL versions that permit doing so, which are 1.1.0h and newer. Checksums-Sha1: b4d5e8f025ec0f0bffb025cdc715e480477e1696 3698 postgresql-9.6_9.6.23-0+deb9u1.dsc d7e09dc6cb551ac7893af44e701861d72821c373 19013235 postgresql-9.6_9.6.23.orig.tar.bz2 c9ea89c156c79dc179beebf479743ec0467a5dbc 31876 postgresql-9.6_9.6.23-0+deb9u1.debian.tar.xz Checksums-Sha256: 9c7cd869d355539f705239a55e40d6bb04fcad19686ed481deed824ae386f3a8 3698 postgresql-9.6_9.6.23-0+deb9u1.dsc a849f798401ab8c6dfa653ebbcd853b43f2200b4e3bc1ea3cb5bec9a691947b9 19013235 postgresql-9.6_9.6.23.orig.tar.bz2 5f362c3dd8305d779da8bdec168a5b1af874a5088e330b16980182c934d71c60 31876 postgresql-9.6_9.6.23-0+deb9u1.debian.tar.xz Files: 5322095d4f76e5e2c6fe64fccfcf3f44 3698 database optional postgresql-9.6_9.6.23-0+deb9u1.dsc 2345beeb56a0dff20e2d4f23f901d0a5 19013235 database optional postgresql-9.6_9.6.23.orig.tar.bz2 ed92f34efdfc2d4c450b65c0b2b2b6cb 31876 database optional postgresql-9.6_9.6.23-0+deb9u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmEnlUkACgkQTFprqxLS p67zUw//QeN5d9ravlcOBZmkfAwQgcRauzzx/+HJSq2pRa1sV6QlUvVQtBDlNiJt LKKbhTkbQSGumHLXEum2tr/c6F3XjCZPktHQUTr2VW+KWH9/k3RLbN8pJIHQ3XGE aIIvE6JFz7GO1X57ooPgYaFNc8NUdIDZHCxMYZaA8yKRzIcAPqG1jp5BPagETFmW Ki2b6elb/kl+4nL6R6bE6PDjBbsEtCcEzECeiLOvjiqefDz97ulxffO3lSfn3bXS nUkIrwqkAcHYBgCJBqdfQGP8Lia2Xc3/MVajWdO+BqWKU8iWvXJFSMJZ7jINE3mV Apyc282KiKEDOsxBb942W/LSgJvEBgE1XM6Lb3rIw4K59zUlU+KQnKjgBSUL7MsW Q/GfMcDbFCxaMFvsiFN8sQV9OUb7vqvfQab4sn/50RMr779QVFL3wFnnOSw9hfxe bsZKiFJhmQ+8IYPj8uepIHmDHLV1oKihxjIykChZ/CqUar9a7+9yiMD+aTp7JWzF HTNeGnnPBorAzw8kFGqQcUU+RmXbiDHuxjldSbu5DfYYu2tPmn6SpZ8W9RdfRh81 ZQsB2RDpHp92qNEZ70ZUloxhi6dJz9RI0EJ3+/SyWVuihJvkaDyYqWcqXT8l4dFx 7ePpCl/Q6UMBY2DaL+MCxMnX8QCFZfBI1/gLBjEv1L6r/sSt3uQ= =Rk6y -----END PGP SIGNATURE-----