-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 05 Oct 2010 20:42:30 +0200 Source: postgresql-9.0 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.0 postgresql-client-9.0 postgresql-server-dev-9.0 postgresql-doc-9.0 postgresql-contrib-9.0 postgresql-plperl-9.0 postgresql-plpython-9.0 postgresql-pltcl-9.0 postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: source all amd64 Version: 9.0.1-1 Distribution: unstable Urgency: low Maintainer: Martin Pitt <mpitt@debian.org> Changed-By: Martin Pitt <mpitt@debian.org> Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 9.0 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql - object-relational SQL database (supported version) postgresql-9.0 - object-relational SQL database, version 9.0 server postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-9.0 - front-end programs for PostgreSQL 9.0 postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-contrib-9.0 - additional facilities for PostgreSQL postgresql-doc - documentation for the PostgreSQL database management system postgresql-doc-9.0 - documentation for the PostgreSQL database management system postgresql-plperl-9.0 - PL/Perl procedural language for PostgreSQL 9.0 postgresql-plpython-9.0 - PL/Python procedural language for PostgreSQL 9.0 postgresql-pltcl-9.0 - PL/Tcl procedural language for PostgreSQL 9.0 postgresql-server-dev-9.0 - development files for PostgreSQL 9.0 server-side programming Changes: postgresql-9.0 (9.0.1-1) unstable; urgency=low . * New upstream security/bug fix release: - Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl. This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity (for example, within a SECURITY DEFINER function). Most scripting languages offer numerous ways that that might be done, such as redefining standard functions or operators called by the target function. Without this change, any SQL user with Perl or Tcl language usage rights can do essentially anything with the SQL privileges of the target function's owner. The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already. It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes. Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - Improve pg_get_expr() security fix so that the function can still be used on the output of a sub-select. - Fix incorrect placement of placeholder evaluation. This bug could result in query outputs being non-null when they should be null, in cases where the inner side of an outer join is a sub-select with non-strict expressions in its output list. - Fix join removal's handling of placeholder expressions. - Fix possible duplicate scans of UNION ALL member relations. - Prevent infinite loop in ProcessIncomingNotify() after unlistening. - Prevent show_session_authorization() from crashing within autovacuum processes. - Re-allow input of Julian dates prior to 0001-01-01 AD. Input such as 'J100000'::date worked before 8.4, but was unintentionally broken by added error-checking. - Make psql recognize "DISCARD ALL" as a command that should not be encased in a transaction block in autocommit-off mode. - Update build infrastructure and documentation to reflect the source code repository's move from CVS to Git. Checksums-Sha1: 9d48f54219c0f13973e4364181ef44c8af050a85 2520 postgresql-9.0_9.0.1-1.dsc 7adeb3c4b661115ec6eb4e5896edfee71f87245e 13773951 postgresql-9.0_9.0.1.orig.tar.bz2 9e42a497a7423335fda8a3fa929e3935caa70314 20673 postgresql-9.0_9.0.1-1.debian.tar.gz 6544ea0c8952a56a24511ff1db5a7e3adcafcb88 2526742 postgresql-doc-9.0_9.0.1-1_all.deb 026ddd2c6d46c78637d89b456193a6507d8c5d4b 295546 postgresql_9.0.1-1_all.deb aabe6e598661b88fe5ff81ca8f4b861a43afdc93 295522 postgresql-client_9.0.1-1_all.deb a4d84be1b9b5d586e722cb5bc69f000807e813cb 295358 postgresql-doc_9.0.1-1_all.deb 3dab724c8338397ef01510868bf855cccbf5471b 295424 postgresql-contrib_9.0.1-1_all.deb 6699597b1ee709569210ff7d6a8000acb8047958 517060 libpq-dev_9.0.1-1_amd64.deb 4a5910e2fec5975a85a87a5c04a10097c0d81c68 431842 libpq5_9.0.1-1_amd64.deb 6929dd184914d6bb3c886529755c78ae77ad5211 363820 libecpg6_9.0.1-1_amd64.deb 726bf0226cca17b2c5c6574a0dc6bd19c54702ef 549480 libecpg-dev_9.0.1-1_amd64.deb c6e48de8a04d85d6c80b8edf60cab72cceace063 303500 libecpg-compat3_9.0.1-1_amd64.deb e30822fb8b47a0c945d44fe29d94ddef1dcb2381 327394 libpgtypes3_9.0.1-1_amd64.deb 606abf76a3600a483a6bcf2f1b56ddb324ced7fa 5421028 postgresql-9.0_9.0.1-1_amd64.deb 5dfb955f5ec7617de17d0a824af56f849aef2473 1587282 postgresql-client-9.0_9.0.1-1_amd64.deb 05b2fd12f806b0b2a61635a2731c997a7f177bfa 937520 postgresql-server-dev-9.0_9.0.1-1_amd64.deb d0f39b223813146edd715418b8fe250b14eaf962 731494 postgresql-contrib-9.0_9.0.1-1_amd64.deb bf9fcd02a9d394ccf61ac63198784f42a12bd437 337642 postgresql-plperl-9.0_9.0.1-1_amd64.deb efd95264fd3cede86c751a8103fecb3bbe1a85c6 338084 postgresql-plpython-9.0_9.0.1-1_amd64.deb aae8ca084af165c075aa92bc2bf9b253c1ee068d 318370 postgresql-pltcl-9.0_9.0.1-1_amd64.deb Checksums-Sha256: 654a37d52cb621cb183aa93ad0b911f15a6a34a75a891df00bfb6db74cd89ad7 2520 postgresql-9.0_9.0.1-1.dsc 5310cd490127845f1473a0f73f7b0d18277d81d51534ddfe17ea3e78286a3196 13773951 postgresql-9.0_9.0.1.orig.tar.bz2 00ec1df26e8b478d7b46fffb77d7bc107058ca053cf4100ce8224e174a0cb5dc 20673 postgresql-9.0_9.0.1-1.debian.tar.gz 8e6e0cd627a0d4cea7712b175b3afa88e324e9c88e0b0ccd3a0590d1537d1a61 2526742 postgresql-doc-9.0_9.0.1-1_all.deb bd5f27dd91b0daf1631a3ab461e8f1531919551c47e349ef6d3f6c1384b1cac9 295546 postgresql_9.0.1-1_all.deb fa6f88d38b3314a6ec6b2d460983e409f9bf60184165c93a29fe04695f76ac41 295522 postgresql-client_9.0.1-1_all.deb 80a8ae347aa514074d66eb95d15bd864e0bce1ef6b87730f65c2581c29c5d294 295358 postgresql-doc_9.0.1-1_all.deb 700e538cced80ad71b6ab94442a60e3d15224e8cbe172dd48a19865b17232f10 295424 postgresql-contrib_9.0.1-1_all.deb 7af9824541fd44dd03fb31dbe352f3a35210d1e71d7e7bae980ceaff4b485e4a 517060 libpq-dev_9.0.1-1_amd64.deb f092cc6b1a71c8e9a4a60a688fa733475794ad94ca7adf653ebe94c8beed0b06 431842 libpq5_9.0.1-1_amd64.deb fff30ed122e0a8d65d8bd6217a5e6369f1f4d801867aca5b61e9c1d42fad13cc 363820 libecpg6_9.0.1-1_amd64.deb 568424a693edd058da2ca831f89421a15da4f1a202eebe5132db769770918274 549480 libecpg-dev_9.0.1-1_amd64.deb 63e0eaf43640eea8734bcc8271a746f1a14cdd8066f9fd51f5a801b3de2fdebd 303500 libecpg-compat3_9.0.1-1_amd64.deb 48b3f69ef0a849954d8606915ff60c06d3cac3b70c99bb4108dcdb799ff2e34d 327394 libpgtypes3_9.0.1-1_amd64.deb a45e389742a408becf729cb8d73110ef1a491da6e0af4447fe44dcf65562f9b9 5421028 postgresql-9.0_9.0.1-1_amd64.deb c7506b1d7312e42101d7bf4d303d84ca85c35ab0b568550d2efe4e74f4576cbf 1587282 postgresql-client-9.0_9.0.1-1_amd64.deb cf58bf09afd4099f8dc828e2c32511e5074895112a7fb1536e02e4edb422a880 937520 postgresql-server-dev-9.0_9.0.1-1_amd64.deb 965cdbed382a139ac20470d55c4fb0fb1b6fb234d307cd199c84b9c3c48de22d 731494 postgresql-contrib-9.0_9.0.1-1_amd64.deb c4ea6de1b91f9314112b20b95bfabcc6c2a056c2d25e82ce5515716e978e003f 337642 postgresql-plperl-9.0_9.0.1-1_amd64.deb e621b413600fe9dd95a6555542375060c82c88bb7ca77ed6afc4e9fa94eea4d8 338084 postgresql-plpython-9.0_9.0.1-1_amd64.deb 8b66409dc5dbd756f4f769a5a52034521640ac628b66a274d5b31e22ce1bd274 318370 postgresql-pltcl-9.0_9.0.1-1_amd64.deb Files: dd63f79a3c43dc6bade276710fa562e9 2520 database optional postgresql-9.0_9.0.1-1.dsc 57ba57e43cfe29e16dacbf5789be98d1 13773951 database optional postgresql-9.0_9.0.1.orig.tar.bz2 58f15cb1ce8d3140b9d4f1c3fa1f149b 20673 database optional postgresql-9.0_9.0.1-1.debian.tar.gz eeb1e9cabcc762fd9b54cf69d50c0e98 2526742 doc optional postgresql-doc-9.0_9.0.1-1_all.deb 5db9627035607fccb4530570d6df1b79 295546 database optional postgresql_9.0.1-1_all.deb 8fd11230e08afa1f0fc68b39faf86fe1 295522 database optional postgresql-client_9.0.1-1_all.deb 43e3d1143a56cca6436abb56a238938d 295358 doc optional postgresql-doc_9.0.1-1_all.deb ea3dbdc9476c2dc2ffe64899865a0e37 295424 database optional postgresql-contrib_9.0.1-1_all.deb 99966b33f9ef6f35b135dcfc1baf62da 517060 libdevel optional libpq-dev_9.0.1-1_amd64.deb d6b42240982779ff4bda483e68a81b94 431842 libs optional libpq5_9.0.1-1_amd64.deb 06228668db33b8f62fbd954059d7d83d 363820 libs optional libecpg6_9.0.1-1_amd64.deb 14f6d1541ad9fe2623ef2dc06d1ec4a7 549480 libdevel optional libecpg-dev_9.0.1-1_amd64.deb 3194e1665905b9c7bc2945c0e7cd3b79 303500 libs optional libecpg-compat3_9.0.1-1_amd64.deb 10fee93ced21d7482ccefdcbdcca5f4d 327394 libs optional libpgtypes3_9.0.1-1_amd64.deb 8d3a5ec7c4b1e0b9be48a36c51496d99 5421028 database optional postgresql-9.0_9.0.1-1_amd64.deb 6cc83c0b410aed32f74c8041e1234660 1587282 database optional postgresql-client-9.0_9.0.1-1_amd64.deb bd9ab032468085400ce06ce250bcc558 937520 libdevel optional postgresql-server-dev-9.0_9.0.1-1_amd64.deb 29f371e43c90a113ec83394d987c1245 731494 database optional postgresql-contrib-9.0_9.0.1-1_amd64.deb 183b8c17153940669f0a72c83d230ffe 337642 database optional postgresql-plperl-9.0_9.0.1-1_amd64.deb aca2fa798dba20cede83d00fb9c8ab56 338084 database optional postgresql-plpython-9.0_9.0.1-1_amd64.deb c01b389c1e9ef38db286ad75d01d23a1 318370 database optional postgresql-pltcl-9.0_9.0.1-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJMq3aSAAoJEPmIJawmtHufoEgQAL5MkBRzFXjrplIEXYmXWJ6H VcNNP/Q7WYj6Pb7CD6cw4LaWebkI7Uo+4dT752GaUAKuuclVaJtKCvp1YOUjXn1y yRg7D7csr70wmD0hfXMe+IcigBBmL4IipYPzXdUf4+DDPkV/pBerv31SPnEJP5bp QeCtHvZEuTO5qEuEK8OUYGUDsiiwQByddqVzPJ72wvZnuh3wbKrd7MOue1X5Vg9E Wla3SCTELYOFkgCSedc6pca+O0LthuFwYvI/DqZzrxBOHRoqgnWWuudJJ9miRPHE /EdBB8wORE1wKVNlLd3wUGYkiV9lwopCegZMFpNZIFQXZSMzfEge++fwXgwhmeut 9/xRdRHbSv3uB/t3lYPQtLZGAZ9jP9xrJCjD1PYtTIwTRGGgkXwOfOjMbqGYGTj4 Q16XJPWP+keW8V1biYQmZbEHq/ctdc24Fc/2v34qGne915FthTv0bxwJ49Zd9hee N1oL8FQxSWXzlW69wHhwRImDq+5Gm0ZI3lPFfwFAjMzJAEJIHLucfGPN6MUBnLnj pGqcF9u0iqcst+Ry7f1YAmH0lJ6hTzVZe5Zu9m2euPzqOXQPXGoSlR1xwPCmcmKZ Bue+PRcEhA6OBNywGWUKUBpEL6q2Ky82crJwIODebnRG0MLKfjqD/vkIZ6euytm1 TS3GhM2U5lNF10nftQoG =qr2l -----END PGP SIGNATURE----- Accepted: libecpg-compat3_9.0.1-1_amd64.deb to main/p/postgresql-9.0/libecpg-compat3_9.0.1-1_amd64.deb libecpg-dev_9.0.1-1_amd64.deb to main/p/postgresql-9.0/libecpg-dev_9.0.1-1_amd64.deb libecpg6_9.0.1-1_amd64.deb to main/p/postgresql-9.0/libecpg6_9.0.1-1_amd64.deb libpgtypes3_9.0.1-1_amd64.deb to main/p/postgresql-9.0/libpgtypes3_9.0.1-1_amd64.deb libpq-dev_9.0.1-1_amd64.deb to main/p/postgresql-9.0/libpq-dev_9.0.1-1_amd64.deb libpq5_9.0.1-1_amd64.deb to main/p/postgresql-9.0/libpq5_9.0.1-1_amd64.deb postgresql-9.0_9.0.1-1.debian.tar.gz to main/p/postgresql-9.0/postgresql-9.0_9.0.1-1.debian.tar.gz postgresql-9.0_9.0.1-1.dsc to main/p/postgresql-9.0/postgresql-9.0_9.0.1-1.dsc postgresql-9.0_9.0.1-1_amd64.deb to main/p/postgresql-9.0/postgresql-9.0_9.0.1-1_amd64.deb postgresql-9.0_9.0.1.orig.tar.bz2 to main/p/postgresql-9.0/postgresql-9.0_9.0.1.orig.tar.bz2 postgresql-client-9.0_9.0.1-1_amd64.deb to main/p/postgresql-9.0/postgresql-client-9.0_9.0.1-1_amd64.deb postgresql-client_9.0.1-1_all.deb to main/p/postgresql-9.0/postgresql-client_9.0.1-1_all.deb postgresql-contrib-9.0_9.0.1-1_amd64.deb to main/p/postgresql-9.0/postgresql-contrib-9.0_9.0.1-1_amd64.deb postgresql-contrib_9.0.1-1_all.deb to main/p/postgresql-9.0/postgresql-contrib_9.0.1-1_all.deb postgresql-doc-9.0_9.0.1-1_all.deb to main/p/postgresql-9.0/postgresql-doc-9.0_9.0.1-1_all.deb postgresql-doc_9.0.1-1_all.deb to main/p/postgresql-9.0/postgresql-doc_9.0.1-1_all.deb postgresql-plperl-9.0_9.0.1-1_amd64.deb to main/p/postgresql-9.0/postgresql-plperl-9.0_9.0.1-1_amd64.deb postgresql-plpython-9.0_9.0.1-1_amd64.deb to main/p/postgresql-9.0/postgresql-plpython-9.0_9.0.1-1_amd64.deb postgresql-pltcl-9.0_9.0.1-1_amd64.deb to main/p/postgresql-9.0/postgresql-pltcl-9.0_9.0.1-1_amd64.deb postgresql-server-dev-9.0_9.0.1-1_amd64.deb to main/p/postgresql-9.0/postgresql-server-dev-9.0_9.0.1-1_amd64.deb postgresql_9.0.1-1_all.deb to main/p/postgresql-9.0/postgresql_9.0.1-1_all.deb