-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 21 May 2015 15:56:32 +0200
Source: postgresql-9.1
Binary: postgresql-plperl-9.1
Architecture: source amd64
Version: 9.1.16-0+deb8u1
Distribution: stable-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg@credativ.de>
Description:
 postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
Changes:
 postgresql-9.1 (9.1.16-0+deb8u1) stable-security; urgency=medium
 .
   * New upstream version, relevant PL/Perl change:
 .
     + Improve detection of system-call failures (Noah Misch)
 .
       Our replacement implementation of snprintf() failed to check for errors
       reported by the underlying system library calls; the main case that
       might be missed is out-of-memory situations. In the worst case this
       might lead to information exposure, due to our code assuming that a
       buffer had been overwritten when it hadn't been. Also, there were a few
       places in which security-relevant calls of other system library
       functions did not check for failure.
 .
       It remains possible that some calls of the *printf() family of
       functions are vulnerable to information disclosure if an out-of-memory
       error occurs at just the wrong time. We judge the risk to not be large,
       but will continue analysis in this area. (CVE-2015-3166)
 .
   * Repository moved to git, update Vcs headers.
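The failure mode named in the changelog entry (a formatting call fails, the buffer is left as it was, and the caller carries on as if it had been rewritten) can be shown with a small added example. This is not PostgreSQL's code: `vformat_fn`, `failing_vformat`, `format_unchecked`, `format_checked` and `stale_data_survives` are hypothetical names, and the failing formatter is a constructed stand-in for a library call that runs out of memory.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical hook so a failing C library formatter can be simulated. */
typedef int (*vformat_fn)(char *, size_t, const char *, va_list);

/* Constructed stand-in: reports failure and leaves the buffer untouched. */
static int failing_vformat(char *buf, size_t len, const char *fmt, va_list ap)
{
    (void) buf; (void) len; (void) fmt; (void) ap;
    return -1;
}

/* Weak form: the result is ignored, so the caller assumes buf was rewritten. */
static void format_unchecked(vformat_fn f, char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    (void) f(buf, len, fmt, ap);
    va_end(ap);
}

/* Hardened form: on error or truncation, wipe the buffer and report failure. */
static int format_checked(vformat_fn f, char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (len == 0) return -1;
    va_start(ap, fmt);
    n = f(buf, len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t) n >= len) {
        memset(buf, 0, len);   /* never hand back stale contents */
        return -1;
    }
    return n;
}

/* Returns 1 if earlier buffer contents are still readable after a failed format. */
static int stale_data_survives(int use_checked)
{
    char buf[32] = "previous-secret";   /* constructed leftover data */
    if (use_checked) (void) format_checked(failing_vformat, buf, sizeof buf, "user=%s", "alice");
    else format_unchecked(failing_vformat, buf, sizeof buf, "user=%s", "alice");
    return strcmp(buf, "previous-secret") == 0;
}

int main(void) { printf("%d %d\n", stale_data_survives(0), stale_data_survives(1)); return 0; }
```

Passing the real `vsnprintf` as the first argument exercises the success and truncation paths of `format_checked`.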