-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 04 Jan 2008 15:31:29 +0100 Source: postgresql-7.4 Binary: postgresql-plpython-7.4 postgresql-client-7.4 postgresql-7.4 postgresql-contrib-7.4 postgresql-doc-7.4 postgresql-plperl-7.4 postgresql-server-dev-7.4 postgresql-pltcl-7.4 Architecture: source i386 all Version: 1:7.4.19-0etch1 Distribution: stable-security Urgency: low Maintainer: Martin Pitt <mpitt@debian.org> Changed-By: Martin Pitt <mpitt@debian.org> Description: postgresql-7.4 - object-relational SQL database, version 7.4 server postgresql-client-7.4 - front-end programs for PostgreSQL 7.4 postgresql-contrib-7.4 - additional facilities for PostgreSQL postgresql-doc-7.4 - documentation for the PostgreSQL database management system postgresql-plperl-7.4 - PL/Perl procedural language for PostgreSQL 7.4 postgresql-plpython-7.4 - PL/Python procedural language for PostgreSQL 7.4 postgresql-pltcl-7.4 - PL/Tcl procedural language for PostgreSQL 7.4 postgresql-server-dev-7.4 - development files for PostgreSQL 7.4 server-side programming Changes: postgresql-7.4 (1:7.4.19-0etch1) stable-security; urgency=low . * New upstream bugfix release 7.4.18: - Require non-superusers who use "/contrib/dblink" to use only password authentication, as a security measure. [CVE-2007-3278, CVE-2007-3280] - Make "CREATE DOMAIN ... DEFAULT NULL" work properly. - Fix excessive logging of SSL error messages. - Fix crash when log_min_error_statement logging runs out of memory. - Prevent "CLUSTER" from failing due to attempting to process temporary tables of other sessions. * New upstream security/bugfix release 7.4.19: - Prevent functions in indexes from executing with the privileges of the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden within a SECURITY DEFINER context. [CVE-2007-6600] - Suitably crafted regular-expression patterns could cause crashes, infinite or near-infinite looping, and/or massive memory consumption, all of which pose denial-of-service hazards for applications that accept regex search patterns from untrustworthy sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067] - Require non-superusers who use "/contrib/dblink" to use only password authentication, as a security measure. The fix that appeared for this in 8.2.5 was incomplete, as it plugged the hole for only some "dblink" functions. [CVE-2007-6601, CVE-2007-3278] - Fix planner failure in some cases of WHERE false AND var IN (SELECT ...). - Fix potential crash in translate() when using a multibyte database encoding. - Fix PL/Python to not crash on long exception messages. - ecpg parser fixes. - Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a category in its own right, rather than crashing. - Fix tsvector and tsquery output routines to escape backslashes correctly. - Fix crash of to_tsvector() on huge input strings. * debian/patches/21_krb5_check_hostname.patch: Adapt to new upstream release. Files: 7ee8eddca94332da692274ba8cfe7c32 1126 misc optional postgresql-7.4_7.4.19-0etch1.dsc b2b5c751263ddbe930f968f27681c862 10031202 misc optional postgresql-7.4_7.4.19.orig.tar.gz ad11d2450a6067420202adc76be2f3ca 33402 misc optional postgresql-7.4_7.4.19-0etch1.diff.gz cd876c31c255ffd93961a8b7648fd1ce 1282356 doc optional postgresql-doc-7.4_7.4.19-0etch1_all.deb a2c72ce7fec9195113d71cda830583b4 525244 libdevel optional postgresql-server-dev-7.4_7.4.19-0etch1_all.deb 5cac69d1baa16515d9bc144400683643 3382724 misc optional postgresql-7.4_7.4.19-0etch1_i386.deb c5223d3a56a48fb86728a5f0e034e6e4 1110108 misc optional postgresql-client-7.4_7.4.19-0etch1_i386.deb d0f1dcad3e13a6130cb467116a40ee1b 571698 misc optional postgresql-contrib-7.4_7.4.19-0etch1_i386.deb 812343b3e8d4ffb11584ff8f671d568d 121542 misc optional postgresql-plperl-7.4_7.4.19-0etch1_i386.deb ed3cc8ed8a76701355a7264dad818f01 123904 misc optional postgresql-plpython-7.4_7.4.19-0etch1_i386.deb 92dd9cd7a1fbbb8656d700723689775d 125898 misc optional postgresql-pltcl-7.4_7.4.19-0etch1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHh5qeDecnbV4Fd/IRAtjGAKDrrtj1QsHT+Sh9t+C209f3W55oqQCfZbeP Lrup4Dm8TZtX8AE0XKwPoP8= =SDgT -----END PGP SIGNATURE----- Accepted: postgresql-7.4_7.4.19-0etch1.diff.gz to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1.diff.gz postgresql-7.4_7.4.19-0etch1.dsc to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1.dsc postgresql-7.4_7.4.19-0etch1_i386.deb to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_i386.deb postgresql-7.4_7.4.19.orig.tar.gz to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.19.orig.tar.gz postgresql-client-7.4_7.4.19-0etch1_i386.deb to pool/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_i386.deb postgresql-contrib-7.4_7.4.19-0etch1_i386.deb to pool/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_i386.deb postgresql-doc-7.4_7.4.19-0etch1_all.deb to pool/main/p/postgresql-7.4/postgresql-doc-7.4_7.4.19-0etch1_all.deb postgresql-plperl-7.4_7.4.19-0etch1_i386.deb to pool/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_i386.deb postgresql-plpython-7.4_7.4.19-0etch1_i386.deb to pool/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_i386.deb postgresql-pltcl-7.4_7.4.19-0etch1_i386.deb to pool/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_i386.deb postgresql-server-dev-7.4_7.4.19-0etch1_all.deb to pool/main/p/postgresql-7.4/postgresql-server-dev-7.4_7.4.19-0etch1_all.deb