Format: 1.8
Date: Tue, 09 Aug 2016 17:19:59 +0200
Source: postgresql-9.5
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.5 postgresql-9.5-dbg postgresql-client-9.5 postgresql-server-dev-9.5 postgresql-doc-9.5 postgresql-contrib-9.5 postgresql-plperl-9.5 postgresql-plpython-9.5 postgresql-plpython3-9.5 postgresql-pltcl-9.5
Architecture: source
Version: 9.5.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg@credativ.de>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.5
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-9.5 - object-relational SQL database, version 9.5 server
 postgresql-9.5-dbg - debug symbols for postgresql-9.5
 postgresql-client-9.5 - front-end programs for PostgreSQL 9.5
 postgresql-contrib-9.5 - additional facilities for PostgreSQL
 postgresql-doc-9.5 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.5 - PL/Perl procedural language for PostgreSQL 9.5
 postgresql-plpython-9.5 - PL/Python procedural language for PostgreSQL 9.5
 postgresql-plpython3-9.5 - PL/Python 3 procedural language for PostgreSQL 9.5
 postgresql-pltcl-9.5 - PL/Tcl procedural language for PostgreSQL 9.5
 postgresql-server-dev-9.5 - development files for PostgreSQL 9.5 server-side programming
Changes:
 postgresql-9.5 (9.5.4-1) unstable; urgency=medium
 .
   * New upstream version.
 .
     + Fix possible mis-evaluation of nested CASE-WHEN expressions (Heikki
       Linnakangas, Michael Paquier, Tom Lane)
 .
       A CASE expression appearing within the test value subexpression of
       another CASE could become confused about whether its own test value was
       null or not. Also, inlining of a SQL function implementing the equality
       operator used by a CASE expression could result in passing the wrong
       test value to functions called within a CASE expression in the SQL
       function's body. If the test values were of different data types, a
       crash might result; moreover such situations could be abused to allow
       disclosure of portions of server memory. (CVE-2016-5423)
 .
     + Fix client programs' handling of special characters in database and role
       names (Noah Misch, Nathan Bossart, Michael Paquier)
 .
       Numerous places in vacuumdb and other client programs could become
       confused by database and role names containing double quotes or
       backslashes. Tighten up quoting rules to make that safe. Also, ensure
       that when a conninfo string is used as a database name parameter to
       these programs, it is correctly treated as such throughout.
 .
       Fix handling of paired double quotes in psql's \connect and \password
       commands to match the documentation.
 .
       Introduce a new -reuse-previous option in psql's \connect command to
       allow explicit control of whether to re-use connection parameters from a
       previous connection. (Without this, the choice is based on whether the
       database name looks like a conninfo string, as before.) This allows
       secure handling of database names containing special characters in
       pg_dumpall scripts.
 .
       pg_dumpall now refuses to deal with database and role names containing
       carriage returns or newlines, as it seems impractical to quote those
       characters safely on Windows. In future we may reject such names on the
       server side, but that step has not been taken yet.
 .
       These are considered security fixes because crafted object names
       containing special characters could have been used to execute commands
       with superuser privileges the next time a superuser executes pg_dumpall
       or other routine maintenance operations. (CVE-2016-5424)
 .
   * Remove conditional multi-arch compilation, all supported dists are
     multi-arched now.
   * Use explicit xz compression for wheezy and precise
Checksums-Sha1:
 eab6caa759f6ef83b5526ebbf7bcf80a6343a1d7 3617 postgresql-9.5_9.5.4-1.dsc
 bdbbecf691354a689c599631256d41eaa8824c66 18496299 postgresql-9.5_9.5.4.orig.tar.bz2
 6af2ca6f93955a6fea5b2206b533973c2e638100 22368 postgresql-9.5_9.5.4-1.debian.tar.xz
Checksums-Sha256:
 c42ca9c6d0c7422f11c102417cfeec82b0e1a0cce76edc1455ddb7167d9f5476 3617 postgresql-9.5_9.5.4-1.dsc
 cf5e571164ad66028ecd7dd8819e3765470d45bcd440d258b686be7e69c76ed0 18496299 postgresql-9.5_9.5.4.orig.tar.bz2
 ac9d0b1f2f531c7681eb736c461ddb6ad92f893cfdd24230dece847c9fe6540b 22368 postgresql-9.5_9.5.4-1.debian.tar.xz
Files:
 50acc585a6ebce94809ded955679c823 3617 database optional postgresql-9.5_9.5.4-1.dsc
 ad36fcf624748b8ed67783ad04529f43 18496299 database optional postgresql-9.5_9.5.4.orig.tar.bz2
 ab65d11ceac4c9473676374a59ba0115 22368 database optional postgresql-9.5_9.5.4-1.debian.tar.xz
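
An added example, not code from PostgreSQL or from this package: a pre-upgrade audit that flags database and role names in the character classes the CVE-2016-5424 entry describes, and shows the safe quoted forms of each name. The function names and sample names are hypothetical; the rules that libpq treats a database name containing "=" or starting with a postgresql:// or postgres:// prefix as a conninfo string, and that conninfo values are single-quoted with backslash escapes, are assumptions taken from libpq's documentation rather than from this page.

```python
# Audit helper for names affected by the quoting fixes described above.
# Assumption: these are the URI prefixes libpq accepts for connection strings.
URI_PREFIXES = ("postgresql://", "postgres://")


def classify_name(name):
    """Return the risk flags that apply to one database or role name."""
    flags = []
    if "\r" in name or "\n" in name:
        # pg_dumpall refuses names with carriage returns or newlines.
        flags.append("newline")
    if '"' in name or "\\" in name:
        # The characters older client programs could mis-quote.
        flags.append("quote-or-backslash")
    if "=" in name or name.startswith(URI_PREFIXES):
        # Would be parsed as a conninfo string when passed as a dbname.
        flags.append("conninfo-like")
    return flags


def quote_ident(name):
    """Quote a name as an SQL identifier (embedded double quotes doubled)."""
    return '"' + name.replace('"', '""') + '"'


def conninfo_dbname(name):
    """Build an explicit conninfo string so the name is never re-parsed."""
    escaped = name.replace("\\", "\\\\").replace("'", "\\'")
    return "dbname='" + escaped + "'"


def audit(names):
    """Map each flagged name to its flags; clean names are omitted."""
    report = {}
    for name in names:
        flags = classify_name(name)
        if flags:
            report[name] = flags
    return report


# Constructed sample names, for illustration only.
SAMPLE_NAMES = ["plain_db", 'sales"2016', "back\\up", "line\nbreak", "dbname=other"]

if __name__ == "__main__":
    for name, flags in audit(SAMPLE_NAMES).items():
        print(repr(name), flags, quote_ident(name), conninfo_dbname(name))
```

In practice the input list would come from the datname column of pg_database and the rolname column of pg_roles on the cluster being checked.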