-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 15 May 2010 12:47:43 +0200
Source: postgresql-8.3
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3 postgresql postgresql-client postgresql-doc postgresql-contrib
Architecture: source all amd64
Version: 8.3.11-0lenny1
Distribution: stable-security
Urgency: high
Maintainer: Martin Pitt <mpitt@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 8.3
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql - object-relational SQL database (supported version)
 postgresql-8.3 - object-relational SQL database, version 8.3 server
 postgresql-client - front-end programs for PostgreSQL (supported version)
 postgresql-client-8.3 - front-end programs for PostgreSQL 8.3
 postgresql-contrib - additional facilities for PostgreSQL (supported version)
 postgresql-contrib-8.3 - additional facilities for PostgreSQL
 postgresql-doc - documentation for the PostgreSQL database management system
 postgresql-doc-8.3 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3
 postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3
 postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3
 postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming
Changes:
 postgresql-8.3 (8.3.11-0lenny1) stable-security; urgency=high
 .
   * New upstream security/bug fix release:
     - Enforce restrictions in plperl using an opmask applied to the whole
       interpreter, instead of using "Safe.pm".
       Recent developments have convinced us that "Safe.pm" is too
       insecure to rely on for making plperl trustable. This change
       removes use of "Safe.pm" altogether, in favor of using a separate
       interpreter with an opcode mask that is always applied. Pleasant
       side effects of the change include that it is now possible to use
       Perl's strict pragma in a natural way in plperl, and that Perl's
       $a and $b variables work as expected in sort routines, and that
       function compilation is significantly faster. (CVE-2010-1169)
     - Prevent PL/Tcl from executing untrustworthy code from
       pltcl_modules.
       PL/Tcl's feature for autoloading Tcl code from a database table
       could be exploited for trojan-horse attacks, because there was no
       restriction on who could create or insert into that table. This
       change disables the feature unless pltcl_modules is owned by a
       superuser. (However, the permissions on the table are not checked,
       so installations that really need a less-than-secure modules table
       can still grant suitable privileges to trusted non-superusers.)
       Also, prevent loading code into the unrestricted "normal" Tcl
       interpreter unless we are really going to execute a pltclu
       function. (CVE-2010-1170)
     - Fix possible crash if a cache reset message is received during
       rebuild of a relcache entry.
       This error was introduced in 8.3.10 while fixing a related
       failure.
     - Apply per-function GUC settings while running the language
       validator for the function.
       This avoids failures if the function's code is invalid without the
       setting; an example is that SQL functions may not parse if the
       search_path is not correct.
     - Do not allow an unprivileged user to reset superuser-only parameter
       settings.
       Previously, if an unprivileged user ran ALTER USER ... RESET ALL
       for himself, or ALTER DATABASE ... RESET ALL for a database he
       owns, this would remove all special parameter settings for the
       user or database, even ones that are only supposed to be
       changeable by a superuser. Now, the "ALTER" will only remove the
       parameters that the user has permission to change.
     - Avoid possible crash during backend shutdown if shutdown occurs
       when a CONTEXT addition would be made to log entries.
       In some cases the context-printing function would fail because the
       current transaction had already been rolled back when it came time
       to print a log message.
     - Ensure the archiver process responds to changes in archive_command
       as soon as possible.
     - Update pl/perl's "ppport.h" for modern Perl versions.
     - Fix assorted memory leaks in pl/python.
     - Prevent infinite recursion in psql when expanding a variable that
       refers to itself.
     - Fix psql's \copy to not add spaces around a dot within \copy
       (select ...).
       Addition of spaces around the decimal point in a numeric literal
       would result in a syntax error.
     - Fix unnecessary "GIN indexes do not support whole-index scans"
       errors for unsatisfiable queries using "contrib/intarray"
       operators.
     - Ensure that "contrib/pgstattuple" functions respond to cancel
       interrupts promptly.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkv1pk0ACgkQDecnbV4Fd/Ks3wCg9b5A7IkdaD8+9e+wb1GLkFo4
hkIAniwyh+eQpDzkS28DhxQCOIseeADr
=ifNx
-----END PGP SIGNATURE-----


Accepted:
libecpg-compat3_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_amd64.deb
libecpg-dev_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_amd64.deb
libecpg6_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_amd64.deb
libpgtypes3_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_amd64.deb
libpq-dev_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_amd64.deb
libpq5_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_amd64.deb
postgresql-8.3_8.3.11-0lenny1.diff.gz
  to main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1.diff.gz
postgresql-8.3_8.3.11-0lenny1.dsc
  to main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1.dsc
postgresql-8.3_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_amd64.deb
postgresql-8.3_8.3.11.orig.tar.gz
  to main/p/postgresql-8.3/postgresql-8.3_8.3.11.orig.tar.gz
postgresql-client-8.3_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_amd64.deb
postgresql-client_8.3.11-0lenny1_all.deb
  to main/p/postgresql-8.3/postgresql-client_8.3.11-0lenny1_all.deb
postgresql-contrib-8.3_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_amd64.deb
postgresql-contrib_8.3.11-0lenny1_all.deb
  to main/p/postgresql-8.3/postgresql-contrib_8.3.11-0lenny1_all.deb
postgresql-doc-8.3_8.3.11-0lenny1_all.deb
  to main/p/postgresql-8.3/postgresql-doc-8.3_8.3.11-0lenny1_all.deb
postgresql-doc_8.3.11-0lenny1_all.deb
  to main/p/postgresql-8.3/postgresql-doc_8.3.11-0lenny1_all.deb
postgresql-plperl-8.3_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_amd64.deb
postgresql-plpython-8.3_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_amd64.deb
postgresql-pltcl-8.3_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_amd64.deb
postgresql-server-dev-8.3_8.3.11-0lenny1_amd64.deb
  to main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_amd64.deb
postgresql_8.3.11-0lenny1_all.deb
  to main/p/postgresql-8.3/postgresql_8.3.11-0lenny1_all.deb