Format: 1.8
Date: Tue, 06 Oct 2015 11:02:48 +0200
Source: postgresql-9.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.4 postgresql-9.4-dbg postgresql-client-9.4 postgresql-server-dev-9.4 postgresql-doc-9.4 postgresql-contrib-9.4 postgresql-plperl-9.4 postgresql-plpython-9.4 postgresql-plpython3-9.4 postgresql-pltcl-9.4
Architecture: source
Version: 9.4.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg@credativ.de>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.4
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-9.4 - object-relational SQL database, version 9.4 server
 postgresql-9.4-dbg - debug symbols for postgresql-9.4
 postgresql-client-9.4 - front-end programs for PostgreSQL 9.4
 postgresql-contrib-9.4 - additional facilities for PostgreSQL
 postgresql-doc-9.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.4 - PL/Perl procedural language for PostgreSQL 9.4
 postgresql-plpython-9.4 - PL/Python procedural language for PostgreSQL 9.4
 postgresql-plpython3-9.4 - PL/Python 3 procedural language for PostgreSQL 9.4
 postgresql-pltcl-9.4 - PL/Tcl procedural language for PostgreSQL 9.4
 postgresql-server-dev-9.4 - development files for PostgreSQL 9.4 server-side programming
Changes:
 postgresql-9.4 (9.4.5-1) unstable; urgency=medium
 .
   * New upstream version.
 .
     + Guard against stack overflows in json parsing (Oskari Saarenmaa)
 .
       If an application constructs PostgreSQL json or jsonb values from
       arbitrary user input, the application's users can reliably crash the
       PostgreSQL server, causing momentary denial of service.
       (CVE-2015-5289)
 .
     + Fix contrib/pgcrypto to detect and report too-short crypt() salts
       (Josh Kupershmidt)
 .
       Certain invalid salt arguments crashed the server or disclosed a few
       bytes of server memory. We have not ruled out the viability of
       attacks that arrange for presence of confidential information in the
       disclosed bytes, but they seem unlikely. (CVE-2015-5288)
 .
   * debian/rules: Call dh without --parallel, it's not supported upstream.
Checksums-Sha1:
 15fd99879923d8f7fd86c26ab00e38bd6c1ad456 3503 postgresql-9.4_9.4.5-1.dsc
 266b8e92cdced161b6a98d4eda0810e4b61fcf49 17660960 postgresql-9.4_9.4.5.orig.tar.bz2
 52e7e745c73994b7ad9f48dec19c5c5e8bb05589 21352 postgresql-9.4_9.4.5-1.debian.tar.xz
Checksums-Sha256:
 a8bf6a87916326f7ecc504d0429a51b552a8ff1f39f3b2aa09abb55ba4d43f82 3503 postgresql-9.4_9.4.5-1.dsc
 b87c50c66b6ea42a9712b5f6284794fabad0616e6ae420cf0f10523be6d94a39 17660960 postgresql-9.4_9.4.5.orig.tar.bz2
 1aaffc8862d0450e292e56bc3793abb579bc5d6765f74bf50915647f5e194691 21352 postgresql-9.4_9.4.5-1.debian.tar.xz
Files:
 a4c3882b159f8918226b0b07b66f1a2b 3503 database optional postgresql-9.4_9.4.5-1.dsc
 8b2e3472a8dc786649b4d02d02e039a0 17660960 database optional postgresql-9.4_9.4.5.orig.tar.bz2
 791802a730ce91ea3a5f2b4d9b39e969 21352 database optional postgresql-9.4_9.4.5-1.debian.tar.xz