-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 Feb 2023 14:57:10 +0100
Source: postgresql-15
Architecture: source
Version: 15.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-15 (15.2-1) unstable; urgency=medium
 .
   * New upstream version.
 .
     + libpq can leak memory contents after GSSAPI transport encryption
       initiation fails (Jacob Champion)
 .
       A modified server, or an unauthenticated man-in-the-middle, can send a
       not-zero-terminated error message during setup of GSSAPI (Kerberos)
       transport encryption. libpq will then copy that string, as well as
       following bytes in application memory up to the next zero byte, to its
       error report. Depending on what the calling application does with the
       error report, this could result in disclosure of application memory
       contents. There is also a small probability of a crash due to reading
       beyond the end of memory. Fix by properly zero-terminating the server
       message.
       (CVE-2022-41862)
Checksums-Sha1:
 1582682bab8d0eac9c3c06d330c786f7996d30bd 3878 postgresql-15_15.2-1.dsc
 8c7706a7ef267e49026434378836b76e4d4ad532 22688379 postgresql-15_15.2.orig.tar.bz2
 4c1571187ba20c09169797c6279af4c774496055 22528 postgresql-15_15.2-1.debian.tar.xz
Checksums-Sha256:
 20e89ad20ef0b4edc3527926e019024cb9398454f121e3640aad24fbd7e66107 3878 postgresql-15_15.2-1.dsc
 99a2171fc3d6b5b5f56b757a7a3cb85d509a38e4273805def23941ed2b8468c7 22688379 postgresql-15_15.2.orig.tar.bz2
 20ae9286ecbae9d4ffa16e871c6bbfcf644532e95a1ca5c7524315a6278aa3c5 22528 postgresql-15_15.2-1.debian.tar.xz
Files:
 570f14d90382b9409356ecb974be7c3d 3878 database optional postgresql-15_15.2-1.dsc
 968418dbdd700caaccfeabcee7516496 22688379 database optional postgresql-15_15.2.orig.tar.bz2
 184c9135138e2c4758e3652f4fc1e225 22528 database optional postgresql-15_15.2-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmPirPoACgkQTFprqxLS
p64z3Q//S9wvB2tGRfcyyvbkayE/lPhQbpoE97Rbt4/5SCf+6A/hnXputAFzCuiT
3tgacJbDcbIkqZgSYtM/Y8U+fpE6SbW1Ma3JgA0CAS/hvkfO95lWz24R/Gr6aDdm
nCmer0IZKKKqX6C+Ty3/uM7AG8ZvWfRT9VsIUtZBCJNLe6p7jhK2C/QfwdtxZjm6
XAtZcFfShldj/RpadHh12gZWWkQmyYEKMQnKNc+upKJSSfEr9Iq/cVgUM6dwqu7V
efymLhMYojq8rhrvBPVbt3NWor6IdIkaNOXhBP243aq6yTVLGey7kK3mVHoj/r1J
YQvDtoVMUOrxuN4UFLXuOk7ZiwP8iQd6Vgiso9UhFT1vaQ+LFtGiakRsbrCcXDc0
NwRyIRtE4bg9lGK4XdlDF4G4Ki9EoonS2H6RmbvSV8qFDkaSxjYXpxjJGL6SkH5H
ukaNZknWFfjKK7a0o370JjgiPBeRZ+ggFZx/+0h0NoVYXmHmDae2ntE9yShGrMqJ
HfDwdmB0GREdM9I5qOv4664+7oGsxJIVj7iJhVwFKZjBcsg2tF7mKUnF9oVFeIeW
219y2wSqSSlGwo3o+a9gUfXJql+K+FGFPpy8nUuSsCX2eHwkUZpw2ICE90tLi9rX
gp1xAi51F/FSMzI8A+P3RxMT69/+Pfqqwn6AmVmZu0BGMAj8ijg=
=LNRk
-----END PGP SIGNATURE-----
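The changelog entry for CVE-2022-41862 describes a peer-supplied string being treated as if it were zero-terminated, so that a copy runs on into whatever sits next to it in memory. The C program below is an added example written for this page, not libpq's own code, and contrasts that trusting copy with a length-bounded copy that always writes its own terminator. The function names, the `frame` layout (message bytes followed by unrelated application data) and the sample bytes are all constructed assumptions; the frame is a single string literal so that even the trusting copy stays within one object and the program runs without undefined behaviour.

```c
/* Added example (not libpq code): copying a peer-supplied error message
 * that may lack its terminating zero byte. Names, frame layout and sample
 * bytes are assumptions constructed for this illustration. */
#include <stdio.h>
#include <string.h>

#define ERR_BUF_SIZE 64   /* assumed size of the caller's error buffer */
#define MSG_LEN      10   /* length the (simulated) wire frame declares */

/* Simulated network frame: the declared message bytes come first and carry
 * no zero byte of their own; the bytes after them stand in for unrelated
 * application memory that a terminator-trusting copy would walk into.
 * Everything here is constructed sample data. */
static const unsigned char frame[] =
    "bad ticket"            /* MSG_LEN bytes of server message, unterminated */
    "SECRET-TOKEN-abc123";  /* adjacent memory; the literal's own NUL ends it */

/* Hardened shape: stop at the declared length (or an embedded zero), never
 * at whatever follows, and always write a terminator. Returns the number of
 * message bytes copied; the result cannot depend on adjacent memory. */
size_t copy_server_message(const unsigned char *msg, size_t msg_len,
                           char *out, size_t out_size)
{
    size_t n = 0;
    if (out_size == 0)
        return 0;
    /* Keep one byte free for the terminator; over-long input is truncated. */
    while (n < msg_len && n < out_size - 1 && msg[n] != '\0') {
        out[n] = (char) msg[n];
        n++;
    }
    out[n] = '\0';
    return n;
}

/* Vulnerable shape: the peer is trusted to have terminated the string, so
 * strlen() measures past the declared message. On a real unterminated
 * buffer this reads out of bounds; on the constructed frame it simply
 * returns the adjacent "application" bytes as part of the error text. */
size_t copy_trusting_terminator(const unsigned char *msg,
                                char *out, size_t out_size)
{
    size_t n = strlen((const char *) msg);   /* walks past the message */
    if (out_size == 0)
        return 0;
    if (n > out_size - 1)
        n = out_size - 1;
    memcpy(out, msg, n);
    out[n] = '\0';
    return n;
}

/* Wrappers that run each copy on the constructed frame, so the two
 * behaviours can be compared by return value. */
size_t bounded_len(void)
{
    char b[ERR_BUF_SIZE];
    return copy_server_message(frame, MSG_LEN, b, sizeof b);
}

int bounded_is_clean(void)
{
    char b[ERR_BUF_SIZE];
    copy_server_message(frame, MSG_LEN, b, sizeof b);
    return strcmp(b, "bad ticket") == 0;
}

size_t trusting_len(void)
{
    char b[ERR_BUF_SIZE];
    return copy_trusting_terminator(frame, b, sizeof b);
}

int trusting_leaks_adjacent_bytes(void)
{
    char b[ERR_BUF_SIZE];
    copy_trusting_terminator(frame, b, sizeof b);
    return strstr(b, "SECRET") != NULL;
}

/* Truncation path: a caller buffer smaller than the message still ends up
 * zero-terminated, holding out_size - 1 bytes. */
size_t bounded_truncated_len(void)
{
    char small[5];
    return copy_server_message(frame, MSG_LEN, small, sizeof small);
}

int main(void)
{
    char b[ERR_BUF_SIZE];
    copy_trusting_terminator(frame, b, sizeof b);
    printf("trusting copy (%zu bytes): \"%s\"\n", strlen(b), b);
    copy_server_message(frame, MSG_LEN, b, sizeof b);
    printf("bounded copy  (%zu bytes): \"%s\"\n", strlen(b), b);
    return 0;
}
```

The bounded copy is the shape the fix in the changelog describes: the message is terminated from the declared length on the receiving side, so the error report can only ever contain bytes the peer actually sent. Any code path that hands a network buffer to a `strlen`-based routine (string formatting, logging, error reporting) is worth the same check.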