-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 08 Oct 2015 14:24:00 +0200
Source: postgresql-9.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.4 postgresql-9.4-dbg postgresql-client-9.4 postgresql-server-dev-9.4 postgresql-doc-9.4 postgresql-contrib-9.4 postgresql-plperl-9.4 postgresql-plpython-9.4 postgresql-plpython3-9.4 postgresql-pltcl-9.4
Architecture: source amd64 all
Version: 9.4.5-0+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg@credativ.de>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.4
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-9.4 - object-relational SQL database, version 9.4 server
 postgresql-9.4-dbg - debug symbols for postgresql-9.4
 postgresql-client-9.4 - front-end programs for PostgreSQL 9.4
 postgresql-contrib-9.4 - additional facilities for PostgreSQL
 postgresql-doc-9.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.4 - PL/Perl procedural language for PostgreSQL 9.4
 postgresql-plpython-9.4 - PL/Python procedural language for PostgreSQL 9.4
 postgresql-plpython3-9.4 - PL/Python 3 procedural language for PostgreSQL 9.4
 postgresql-pltcl-9.4 - PL/Tcl procedural language for PostgreSQL 9.4
 postgresql-server-dev-9.4 - development files for PostgreSQL 9.4 server-side programming
Changes:
 postgresql-9.4 (9.4.5-0+deb8u1) jessie-security; urgency=medium
 .
   * New upstream security release.
 .
     + Guard against stack overflows in json parsing (Oskari Saarenmaa)
 .
       If an application constructs PostgreSQL json or jsonb values from
       arbitrary user input, the application's users can reliably crash the
       PostgreSQL server, causing momentary denial of service.
       (CVE-2015-5289)
 .
     + Fix contrib/pgcrypto to detect and report too-short crypt() salts
       (Josh Kupershmidt)
 .
       Certain invalid salt arguments crashed the server or disclosed a few
       bytes of server memory. We have not ruled out the viability of attacks
       that arrange for presence of confidential information in the disclosed
       bytes, but they seem unlikely. (CVE-2015-5288)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----