-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 22 May 2006 10:33:20 +0200 Source: postgresql-8.1 Binary: postgresql-8.1 postgresql-pltcl-8.1 postgresql-plperl-8.1 libpgtypes2 libpq-dev libpq4 postgresql-doc-8.1 postgresql-plpython-8.1 libecpg-compat2 libecpg5 libecpg-dev postgresql-client-8.1 postgresql-server-dev-8.1 postgresql-contrib-8.1 Architecture: source i386 all Version: 8.1.4-1 Distribution: unstable Urgency: medium Maintainer: Martin Pitt <mpitt@debian.org> Changed-By: Martin Pitt <martin.pitt@ubuntu.com> Description: libecpg-compat2 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg5 - run-time library for ECPG programs libpgtypes2 - shared library libpgtypes for PostgreSQL 8.1 libpq-dev - header files for libpq4 (PostgreSQL library) libpq4 - PostgreSQL C client library postgresql-8.1 - object-relational SQL database, version 8.1 server postgresql-client-8.1 - front-end programs for PostgreSQL 8.1 postgresql-contrib-8.1 - additional facilities for PostgreSQL postgresql-doc-8.1 - documentation for the PostgreSQL database management system postgresql-plperl-8.1 - PL/Perl procedural language for PostgreSQL 8.1 postgresql-plpython-8.1 - PL/Python procedural language for PostgreSQL 8.1 postgresql-pltcl-8.1 - PL/TCL procedural language for PostgreSQL 8.1 postgresql-server-dev-8.1 - development files for PostgreSQL 8.1 server-side programming Closes: 362488 Changes: postgresql-8.1 (8.1.4-1) unstable; urgency=medium . * New upstream security and bug fix release: - The server now rejects invalidly-encoded multibyte characters in all cases to defend against SQL-injection attacks. [CVE-2006-2313] - Reject unsafe uses of \' in string literals (for client encodings that allow SQL injection with this, like SJIS, BIG5, GBK, GB18030, or UHC). A new configuration parameter backslash_quote is available to adjust this behavior when needed. [CVE-2006-2314] - Modify libpq's string-escaping routines to be aware of encoding considerations and standard_conforming_strings This fixes libpq-using applications for the security issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs them against the planned changeover to SQL-standard string literal syntax. Applications that use multiple PostgreSQL connections concurrently should migrate to PQescapeStringConn() and PQescapeByteaConn() to ensure that escaping is done correctly for the settings in use in each database connection. Applications that do string escaping "by hand" should be modified to rely on library routines instead. - Various bug fixes, see upstream changelog for details. * Remove debian/patches/12-krb5-multiusers.patch: Fixed upstream. * debian/postgresql-8.1.init: Add a comment to point out that environment variables need to be set in the 'environment' file, not in the init script. * debian/postgresql-8.1.init, debian/postgresql-8.1.postinst: Do not fail if init.d-functions/maintscripts-functions are not present, which happens if postgresql-{8.1,common} are removed, but not purged. Closes: #362488 * Bump Standards-Version to 3.7.2. Files: bfe14f17ff56661f5526de0e5676ab5b 1095 misc optional postgresql-8.1_8.1.4-1.dsc c6554a0ef948ab2b18b617954e1788fe 11312643 misc optional postgresql-8.1_8.1.4.orig.tar.gz 38b34811c7650a03a2d336e76e8fe833 23567 misc optional postgresql-8.1_8.1.4-1.diff.gz f0db5ef63af00fa8f8fa6e6d496ff271 1552848 doc optional postgresql-doc-8.1_8.1.4-1_all.deb 74e46c1ad7759a675e98bdd466806520 4291192 misc optional postgresql-8.1_8.1.4-1_i386.deb f2ac0f40dfe59eef002ead1a4cf47f5a 1348078 misc optional postgresql-client-8.1_8.1.4-1_i386.deb a48b259bb1af7a0a273e3b52728a3261 595694 libdevel optional postgresql-server-dev-8.1_8.1.4-1_i386.deb 6743515674055bc365658e4a0dded57d 584414 misc optional postgresql-contrib-8.1_8.1.4-1_i386.deb 021523cf0e5745511bf6af1319f633b9 166408 misc optional postgresql-plperl-8.1_8.1.4-1_i386.deb ee8ab8d19f9e500cdd7efadfa723792b 159428 misc optional postgresql-plpython-8.1_8.1.4-1_i386.deb ad28153ef1f026865cf2b35a80d8ac57 160944 misc optional postgresql-pltcl-8.1_8.1.4-1_i386.deb d383e51df7e479aeccdd36eb5d66c07a 311222 libdevel optional libpq-dev_8.1.4-1_i386.deb 0ac29a7f282046b71dbca2224b68fa78 258288 libs optional libpq4_8.1.4-1_i386.deb d61501b0a131fa3c7b5dce8ab268de35 169772 libs optional libecpg5_8.1.4-1_i386.deb 881bce349d33269721a3ea53d9f2468d 335942 libdevel optional libecpg-dev_8.1.4-1_i386.deb 3c26e4e7b5d8f2748fa9f0b365a90245 150252 libs optional libecpg-compat2_8.1.4-1_i386.deb d8947525c941ff43f529caa961398317 172952 libs optional libpgtypes2_8.1.4-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEcYINDecnbV4Fd/IRAsYPAKDW+1wJqdw73fzjfDpqW/KuZyF1VQCggMMy uZO8GlNYpD8+sw+t1tkg1iQ= =hWD+ -----END PGP SIGNATURE----- Accepted: libecpg-compat2_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-1_i386.deb libecpg-dev_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-1_i386.deb libecpg5_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/libecpg5_8.1.4-1_i386.deb libpgtypes2_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-1_i386.deb libpq-dev_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/libpq-dev_8.1.4-1_i386.deb libpq4_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/libpq4_8.1.4-1_i386.deb postgresql-8.1_8.1.4-1.diff.gz to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-1.diff.gz postgresql-8.1_8.1.4-1.dsc to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-1.dsc postgresql-8.1_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-1_i386.deb postgresql-8.1_8.1.4.orig.tar.gz to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4.orig.tar.gz postgresql-client-8.1_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-1_i386.deb postgresql-contrib-8.1_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-1_i386.deb postgresql-doc-8.1_8.1.4-1_all.deb to pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.4-1_all.deb postgresql-plperl-8.1_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-1_i386.deb postgresql-plpython-8.1_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-1_i386.deb postgresql-pltcl-8.1_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-1_i386.deb postgresql-server-dev-8.1_8.1.4-1_i386.deb to pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-1_i386.deb