-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 10 Aug 2016 13:52:25 +0200
Source: postgresql-9.1
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1 postgresql-server-dev-9.1 postgresql-doc-9.1 postgresql-contrib-9.1 postgresql-plperl-9.1 postgresql-plpython-9.1 postgresql-plpython3-9.1 postgresql-pltcl-9.1
Architecture: source amd64 all
Version: 9.1.23-0+deb7u1
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg@credativ.de>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.1
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-9.1 - object-relational SQL database, version 9.1 server
 postgresql-9.1-dbg - debug symbols for postgresql-9.1
 postgresql-client-9.1 - front-end programs for PostgreSQL 9.1
 postgresql-contrib-9.1 - additional facilities for PostgreSQL
 postgresql-doc-9.1 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
 postgresql-plpython-9.1 - PL/Python procedural language for PostgreSQL 9.1
 postgresql-plpython3-9.1 - PL/Python 3 procedural language for PostgreSQL 9.1
 postgresql-pltcl-9.1 - PL/Tcl procedural language for PostgreSQL 9.1
 postgresql-server-dev-9.1 - development files for PostgreSQL 9.1 server-side programming
Changes:
 postgresql-9.1 (9.1.23-0+deb7u1) wheezy-security; urgency=medium
 .
   * New upstream security release.
 .
     + Fix possible mis-evaluation of nested CASE-WHEN expressions (Heikki
       Linnakangas, Michael Paquier, Tom Lane)
 .
       A CASE expression appearing within the test value subexpression of
       another CASE could become confused about whether its own test value was
       null or not. Also, inlining of a SQL function implementing the equality
       operator used by a CASE expression could result in passing the wrong
       test value to functions called within a CASE expression in the SQL
       function's body. If the test values were of different data types, a
       crash might result; moreover such situations could be abused to allow
       disclosure of portions of server memory. (CVE-2016-5423)
 .
     + Fix client programs' handling of special characters in database and role
       names (Noah Misch, Nathan Bossart, Michael Paquier)
 .
       Numerous places in vacuumdb and other client programs could become
       confused by database and role names containing double quotes or
       backslashes. Tighten up quoting rules to make that safe. Also, ensure
       that when a conninfo string is used as a database name parameter to
       these programs, it is correctly treated as such throughout.
 .
       Fix handling of paired double quotes in psql's \connect and \password
       commands to match the documentation.
 .
       Introduce a new -reuse-previous option in psql's \connect command to
       allow explicit control of whether to re-use connection parameters from
       a previous connection. (Without this, the choice is based on whether
       the database name looks like a conninfo string, as before.) This allows
       secure handling of database names containing special characters in
       pg_dumpall scripts.
 .
       pg_dumpall now refuses to deal with database and role names containing
       carriage returns or newlines, as it seems impractical to quote those
       characters safely on Windows. In future we may reject such names on the
       server side, but that step has not been taken yet.
 .
       These are considered security fixes because crafted object names
       containing special characters could have been used to execute commands
       with superuser privileges the next time a superuser executes pg_dumpall
       or other routine maintenance operations.
       (CVE-2016-5424)
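
The quoting rules and the pg_dumpall refusal policy described in the CVE-2016-5424 changelog entry, as an added example that is not code from this upload or from PostgreSQL. The function names and sample names are constructed for illustration. The quoting shown is the standard SQL identifier rule (double embedded double quotes) and the libpq conninfo rule (single-quote the value, backslash-escape backslashes and single quotes).

```python
# Added example (not from the Debian or PostgreSQL sources): flag and quote
# database/role names along the lines the changelog describes.

# Characters the changelog names as problematic for client programs.
RISKY = {'"': "double quote", "\\": "backslash",
         "\r": "carriage return", "\n": "newline"}


def risky_chars(name):
    """Return sorted labels of the changelog's special characters found in name."""
    return sorted(label for ch, label in RISKY.items() if ch in name)


def quote_ident(name):
    """Quote a SQL identifier: wrap in double quotes, double any embedded one."""
    return '"' + name.replace('"', '""') + '"'


def conninfo_value(value):
    """Quote a libpq conninfo value: single quotes, backslash and ' escaped."""
    escaped = value.replace("\\", "\\\\").replace("'", "\\'")
    return "'" + escaped + "'"


def dbname_conninfo(name):
    """Build an unambiguous dbname=... conninfo string for a database name.

    Follows the pg_dumpall policy from the changelog by refusing CR/LF
    outright instead of trying to quote them.
    """
    if "\r" in name or "\n" in name:
        raise ValueError("name contains carriage return or newline: %r" % name)
    return "dbname=" + conninfo_value(name)


def audit(names):
    """Map each name containing a risky character to the labels found."""
    return {n: risky_chars(n) for n in names if risky_chars(n)}


# Constructed sample names, as they might be read from pg_database / pg_roles.
SAMPLE_NAMES = ["sales", 'qa"2016', "ops\\archive", "it's", "line\nbreak"]

if __name__ == "__main__":
    for name, found in audit(SAMPLE_NAMES).items():
        print(repr(name), "->", ", ".join(found))
    for name in SAMPLE_NAMES[:4]:
        print(quote_ident(name), dbname_conninfo(name))
```

Passing the database name as an explicit dbname=... conninfo string means it is always parsed as a conninfo value, never guessed at from its appearance.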