-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 11 Jan 2008 16:56:28 +0100
Source: postgresql-8.1
Binary: postgresql-8.1 postgresql-pltcl-8.1 postgresql-plperl-8.1 libpgtypes2 libpq-dev libpq4 postgresql-doc-8.1 postgresql-plpython-8.1 libecpg5 libecpg-compat2 libecpg-dev postgresql-client-8.1 postgresql-contrib-8.1 postgresql-server-dev-8.1
Architecture: source i386 all
Version: 8.1.11-0etch1
Distribution: stable-security
Urgency: low
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
libecpg-compat2 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg5 - run-time library for ECPG programs
libpgtypes2 - shared library libpgtypes for PostgreSQL 8.1
libpq-dev - header files for libpq4 (PostgreSQL library)
libpq4 - PostgreSQL C client library
postgresql-8.1 - object-relational SQL database, version 8.1 server
postgresql-client-8.1 - front-end programs for PostgreSQL 8.1
postgresql-contrib-8.1 - additional facilities for PostgreSQL
postgresql-doc-8.1 - documentation for the PostgreSQL database management system
postgresql-plperl-8.1 - PL/Perl procedural language for PostgreSQL 8.1
postgresql-plpython-8.1 - PL/Python procedural language for PostgreSQL 8.1
postgresql-pltcl-8.1 - PL/Tcl procedural language for PostgreSQL 8.1
postgresql-server-dev-8.1 - development files for PostgreSQL 8.1 server-side programming
Changes:
postgresql-8.1 (8.1.11-0etch1) stable-security; urgency=low
.
* New upstream security/bugfix release:
- Prevent functions in indexes from executing with the privileges of
the user running "VACUUM", "ANALYZE", etc. "SET ROLE" is now forbidden
within a SECURITY DEFINER context. [CVE-2007-6600]
- Suitably crafted regular-expression patterns could cause crashes,
infinite or near-infinite looping, and/or massive memory
consumption, all of which pose denial-of-service hazards for
applications that accept regex search patterns from untrustworthy
sources. [CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]
- Require non-superusers who use "/contrib/dblink" to use only
password authentication, as a security measure.
The fix that appeared for this in 8.2.5 was incomplete, as it
plugged the hole for only some "dblink" functions. [CVE-2007-6601,
CVE-2007-3278]
- Fix bugs in WAL replay for GIN indexes.
- Fix GIN index build to work properly when maintenance_work_mem is
4GB or more.
- Improve planner's handling of LIKE/regex estimation in non-C
locales.
- Fix planning-speed problem for deep outer-join nests, as well as
possible poor choice of join order.
- Fix planner failure in some cases of WHERE false AND var IN (SELECT
...).
- Make "CREATE TABLE ... SERIAL" and "ALTER SEQUENCE ... OWNED BY"
not change the currval() state of the sequence.
- Preserve the tablespace and storage parameters of indexes that are
rebuilt by "ALTER TABLE ... ALTER COLUMN TYPE".
- Make archive recovery always start a new WAL timeline, rather than
only when a recovery stop time was used. This avoids a corner-case risk
of trying to overwrite an existing archived copy of the last WAL
segment, and seems simpler and cleaner than the original definition.
- Make "VACUUM" not use all of maintenance_work_mem when the table is
too small for it to be useful.
- Fix potential crash in translate() when using a multibyte database
encoding.
- Make corr() return the correct result for negative correlation
values.
- Fix overflow in extract(epoch from interval) for intervals
exceeding 68 years.
- Fix PL/Perl to not fail when a UTF-8 regular expression is used in
a trusted function.
- Fix PL/Python to work correctly with Python 2.5 on 64-bit machines
(Marko Kreen)
- Fix PL/Python to not crash on long exception messages.
- Fix pg_dump to correctly handle inheritance child tables that have
default expressions different from their parent's.
- Fix libpq crash when PGPASSFILE refers to a file that is not a
plain file.
- ecpg parser fixes.
- Make "contrib/tablefunc"'s crosstab() handle NULL rowid as a
category in its own right, rather than crashing.
- Fix tsvector and tsquery output routines to escape backslashes
correctly.
- Fix crash of to_tsvector() on huge input strings.
Files:
118e1cfc403a8299dfa76fc1e267342e 1171 misc optional postgresql-8.1_8.1.11-0etch1.dsc
9eadd7e16f547a8ce1e0eec5de96632e 11444400 misc optional postgresql-8.1_8.1.11.orig.tar.gz
c4858189bfd1ef7b426d7ad337293a00 35762 misc optional postgresql-8.1_8.1.11-0etch1.diff.gz
fc757ca9e80c49309458624a4d6fd3ab 1597344 doc optional postgresql-doc-8.1_8.1.11-0etch1_all.deb
8edaaf6888ab48b74132da1ff9465199 333814 libdevel optional libpq-dev_8.1.11-0etch1_i386.deb
c0539ad7f6398157baa7edbcefa70f35 277312 libs optional libpq4_8.1.11-0etch1_i386.deb
cfedb34389b4dbcb6943a07b36a2d576 187642 libs optional libecpg5_8.1.11-0etch1_i386.deb
f60ddea50db8aa7cd534c0453cd23d5a 354808 libdevel optional libecpg-dev_8.1.11-0etch1_i386.deb
3172d106b9d2a0b07704e5d54c759a09 167228 libs optional libecpg-compat2_8.1.11-0etch1_i386.deb
b236d5aee0d1c56976086ee341769a97 189320 libs optional libpgtypes2_8.1.11-0etch1_i386.deb
00b00a934c4e9452cfac1088e0226ddc 4288660 misc optional postgresql-8.1_8.1.11-0etch1_i386.deb
2647366c2c5e3f6ad7fc6973f0a2d761 1422416 misc optional postgresql-client-8.1_8.1.11-0etch1_i386.deb
7ba6b7c533d94b2c8503d7b5a3af1ce6 614612 libdevel optional postgresql-server-dev-8.1_8.1.11-0etch1_i386.deb
92357426f909eef72992b68cafd7a7e1 607444 misc optional postgresql-contrib-8.1_8.1.11-0etch1_i386.deb
253aa290befff3621d773156b59c6c4e 183540 misc optional postgresql-plperl-8.1_8.1.11-0etch1_i386.deb
34ea5de587476536d40e09bb2c4e5348 176284 misc optional postgresql-plpython-8.1_8.1.11-0etch1_i386.deb
7fb0712c60c7fcedda0bd0072cda73a8 177926 misc optional postgresql-pltcl-8.1_8.1.11-0etch1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHh5c3DecnbV4Fd/IRAhgEAKC9UAxNdLrHi25nsYYNaXTtxryougCg8sRu
9VtbV3lLUPux/OhqYvvvIy8=
=pulf
-----END PGP SIGNATURE-----
Accepted:
libecpg-compat2_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/libecpg-compat2_8.1.11-0etch1_i386.deb
libecpg-dev_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/libecpg-dev_8.1.11-0etch1_i386.deb
libecpg5_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/libecpg5_8.1.11-0etch1_i386.deb
libpgtypes2_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/libpgtypes2_8.1.11-0etch1_i386.deb
libpq-dev_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/libpq-dev_8.1.11-0etch1_i386.deb
libpq4_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/libpq4_8.1.11-0etch1_i386.deb
postgresql-8.1_8.1.11-0etch1.diff.gz
to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1.diff.gz
postgresql-8.1_8.1.11-0etch1.dsc
to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1.dsc
postgresql-8.1_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1_i386.deb
postgresql-8.1_8.1.11.orig.tar.gz
to pool/main/p/postgresql-8.1/postgresql-8.1_8.1.11.orig.tar.gz
postgresql-client-8.1_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-0etch1_i386.deb
postgresql-contrib-8.1_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-0etch1_i386.deb
postgresql-doc-8.1_8.1.11-0etch1_all.deb
to pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.11-0etch1_all.deb
postgresql-plperl-8.1_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-0etch1_i386.deb
postgresql-plpython-8.1_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-0etch1_i386.deb
postgresql-pltcl-8.1_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-0etch1_i386.deb
postgresql-server-dev-8.1_8.1.11-0etch1_i386.deb
to pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-0etch1_i386.deb
