-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 07 Nov 2017 20:54:52 +0100 Source: postgresql-common Binary: postgresql-common postgresql-client-common postgresql-server-dev-all postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: source all Version: 134wheezy6 Distribution: wheezy-security Urgency: medium Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org> Changed-By: Christoph Berg <myon@debian.org> Description: postgresql - object-relational SQL database (supported version) postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-common - manager for multiple PostgreSQL client versions postgresql-common - PostgreSQL database-cluster manager postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-doc - documentation for the PostgreSQL database management system postgresql-server-dev-all - extension build tool for multiple PostgreSQL versions Changes: postgresql-common (134wheezy6) wheezy-security; urgency=medium . * pg_ctlcluster, pg_createcluster, pg_upgradecluster: Use lchown instead of chown to mitigate privilege escalation via symlinks. (CVE-2017-8806. Related to CVE-2017-12172 in PostgreSQL; extends our earlier fix for CVE-2016-1255). Checksums-Sha1: a0a8f963932173e54ff9bd24120a3a2de0fa91b6 2201 postgresql-common_134wheezy6.dsc 7f8d571d2f6189e4f72cee33de38dc62f21a7189 143209 postgresql-common_134wheezy6.tar.gz f50281028b9ee45e3b1076fac6f743e5379a88f0 47148 postgresql-server-dev-all_134wheezy6_all.deb ec264eb346bae0214b4a2155fd70ed83571907ba 42776 postgresql_9.1+134wheezy6_all.deb 0a357879cce84ab840c1ed3a1d3eaba931002c07 42794 postgresql-client_9.1+134wheezy6_all.deb 44d519b1c5cb3c82c67119a88e3338b23d3e7760 42782 postgresql-doc_9.1+134wheezy6_all.deb 79a0f767562b9f673205eb7ed51d827206b15bca 42798 postgresql-contrib_9.1+134wheezy6_all.deb 308c3f0f33147ccc294be9513d324d459ded4c60 138236 postgresql-common_134wheezy6_all.deb 3589c54b4bb045b4c012be111db09e5ed3fcd585 63572 postgresql-client-common_134wheezy6_all.deb Checksums-Sha256: f5aaf0a1328371730f9e214a76a8f29f113c7d48fa9623d14131e2b9ac3c7408 2201 postgresql-common_134wheezy6.dsc cdae55687b9bb9866ddff6f13beff5e2cb850fba3dd29c4dcaa50efe0c9746f2 143209 postgresql-common_134wheezy6.tar.gz 52d63663d822786be77df2764d69e8aca53e6b06700b9c0270a507989d661cbd 47148 postgresql-server-dev-all_134wheezy6_all.deb 06c409d0b7e9cfaf2133117401cc4c315a79709ffd4c8514e3a59d12c43339d1 42776 postgresql_9.1+134wheezy6_all.deb b2a4718ad0f3f4b00331c6f02065834d77a18a091207e45381072753d028bcab 42794 postgresql-client_9.1+134wheezy6_all.deb 9ffe41f0e19ef7bd94b316c2844d1941a7a99a086b5229713f2bceca3c94d3ba 42782 postgresql-doc_9.1+134wheezy6_all.deb 4398a95241b044dc684a9c28b2ef7c367d60491fcc2c27a148e07baec8d83a30 42798 postgresql-contrib_9.1+134wheezy6_all.deb 7b068aed305ba281179b3c693e6dd185ad30f8bb5ba67bb6dc80e8a8ff17dd06 138236 postgresql-common_134wheezy6_all.deb fc685c196aae6ab8e70e4d4987c04cb0564be428c21fc718992e1111911ea276 63572 postgresql-client-common_134wheezy6_all.deb Files: 994a5f488fd9c2206f5d0bca2c6f51bf 2201 database optional postgresql-common_134wheezy6.dsc 95be7b7fdbfb2be0fa3e328ac5cd7434 143209 database optional postgresql-common_134wheezy6.tar.gz bf7e62dc63e436c6be3f5ade21eba60e 47148 database optional postgresql-server-dev-all_134wheezy6_all.deb b58010bfbadaeebbcc03aeabc8442251 42776 database optional postgresql_9.1+134wheezy6_all.deb f78f7b887024cba7c8754233a550926b 42794 database optional postgresql-client_9.1+134wheezy6_all.deb ff829b693304a3630d46481bfa1902e5 42782 doc optional postgresql-doc_9.1+134wheezy6_all.deb 2ae1796708293c9f777885fd7aeb48f9 42798 database optional postgresql-contrib_9.1+134wheezy6_all.deb c6434a74112da6bb6482f93206bd261a 138236 database optional postgresql-common_134wheezy6_all.deb 8bf4da6df2c91e3a12984d70ae03de23 63572 database optional postgresql-client-common_134wheezy6_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAloDH6wACgkQTFprqxLS p65A2w//XYsZ+ts8uNmMnHPREAhVonjAMD37W0X6UxBL1Hr0B4l+Tcba/qphhHWK K5IRwZjQSS9kxnEdUEiFUjRY7Y7S1FhrWpJTx+RYbC+ebGUvj7nfCKjATT9Mf1dl Ffv/VZKdx+Lkb/uDZ5LhcL/bfZMnOLRpDOT93y3fqhpDw5ETh+9m2545cXQInhSA BxQJ68vv7yr+uoUp82y7LKzFxhM/jpL7VTWwZ/yz/HutYBdDRpINea/l9iWsSfFG K3tj+2UAUmFIsmt0klwgmltSEAUUaQH4/ze7XuSFSJ4AHekxqmSesvyRLzmQvkZg gSv/aos9sPC9OTUbwhm1yGarjUTvowLfcWZzwAFAwhULHMdXfFrEl2+bn1BYXIfP suKEcc1KekrUJBMMgYAJ1Dw/PkbvUY5qMJ0ab6aCjRb217C02un6TGjiP+9764SU tiB8xco/5PdnNbmOoSPXXhot+wjrN5RUOFRGMr2nYgf/PSZt6sHKhAtO5r7DYJFT +cptYC1AfveJefHZrpterdlkFChOwPNnKMfOPPpkHEk2NyAdP9FpEwCVWAUtVj9C xsglcbKTYbki+S0ChPzM3aQPf30oPBcS7aas+uJQ8zY1nMTfE4pTe4h4SM7tQ4/g IasEXvaXgcVBzFu6L9Kk9i+7JHoA4Gri/GKgufb8Agj4ppywcRU= =LPEy -----END PGP SIGNATURE-----