Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted postgresql-11 11.19-0+deb10u1 (source) into oldstable
Date: Fri, 10 Feb 2023 10:50:21 +0000
Signed by: Christoph Berg <myon@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 Feb 2023 17:14:48 +0100
Source: postgresql-11
Architecture: source
Version: 11.19-0+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-11 (11.19-0+deb10u1) buster-security; urgency=medium
 .
   * New upstream version.
 .
     + libpq can leak memory contents after GSSAPI transport encryption
       initiation fails (Jacob Champion)
 .
       A modified server, or an unauthenticated man-in-the-middle, can send a
       not-zero-terminated error message during setup of GSSAPI (Kerberos)
       transport encryption.  libpq will then copy that string, as well as
       following bytes in application memory up to the next zero byte, to its
       error report. Depending on what the calling application does with the
       error report, this could result in disclosure of application memory
       contents.  There is also a small probability of a crash due to reading
       beyond the end of memory.  Fix by properly zero-terminating the server
       message. (CVE-2022-41862)
Checksums-Sha1:
 2aaed70889bf4c746a0c2d8e07b7cb65bdffd0de 3745 postgresql-11_11.19-0+deb10u1.dsc
 bdedc14451403f96d4ca8e26a17f97e3b0afaa5b 20457793 postgresql-11_11.19.orig.tar.bz2
 f1fd9a3e57660221d27647da3dcf384a9d909cb4 28740 postgresql-11_11.19-0+deb10u1.debian.tar.xz
Checksums-Sha256:
 663f4e1d38c8efedf890dd95aa9d443e6e6ea24f73f22f520a8a185d4717fc98 3745 postgresql-11_11.19-0+deb10u1.dsc
 13109e2b71f1139405c27201da3733a61ace72ee1c228d9c9f0320e06aee14c2 20457793 postgresql-11_11.19.orig.tar.bz2
 e874621849ec4696824b96cbc0d28bdd663d9ad1b9d97d5f273b3bb9774d9268 28740 postgresql-11_11.19-0+deb10u1.debian.tar.xz
Files:
 6ca7f507b256d58aba17ece31212255c 3745 database optional postgresql-11_11.19-0+deb10u1.dsc
 bf9dcee07bb35e8bf4e206d17a585640 20457793 database optional postgresql-11_11.19.orig.tar.bz2
 d446f40abffaf911bb61e3e50dfbe912 28740 database optional postgresql-11_11.19-0+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmPmHtcACgkQTFprqxLS
p64QORAAqbH95ycBdeFTlyCw5NlwI7drHB8Rlc7Ouetz8h5lMLxpYcxIp7spZ723
ZbFgy6AJdF3drw6Q30F1ERdy1usOzmD93EBZ+Dsoyp2D4Hop6f2vKvZzhQe0ttle
RBXW5X/92Gq1WU95+Dcju+S8+jA+J68rrwvwyGAltAW0MFz0kdQ2t295VT7qvEbg
kbe4aFrvtEbRUj2JwRDJdO8yiXgQf6R+049e5FK+n5jv+kxkwKqZ+Hk47zQJSQ6h
o4NWk64TX17V5g9UN7kspmGJopWePgQuAnw2A7VfDZa0yCSW5cjvYI8fGUR6vmkE
xJk40GkEOycZcJ2XI7GhbHTJsael1uwNBTdZ4g2csKZRIKZG0NyF4Uvukawbp9Nh
7Xn6tX15H/lWJ5a1paqxBx8H1ApSDn575WTO1y5oWW+KpDpxPYh05mReyFRyug7E
7vGCoIUmqzJLJLohdTkQeWLWuEoZbz8sDfY2AVc96ZN/h8ShSwEdoAekD7YkdOBh
U8NI8hMVYvyU559mfnDZYvVr4n7VwjKXe/KB0XaYSjtn6Q6DZ8jkygMb2mREZ/j4
LNq3NHXmjDsCVhtBDmfalzh1c9OLG+SRdTB4YdwUpANiY64+SL6BrBSX8x3F47KB
bx9gHSdH+KL85Gpx5cF+mYH9VLFP1FK+RJT3kfI13vN+ZW3icyI=
=18hu
-----END PGP SIGNATURE-----

News for package postgresql-11