-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 07 Nov 2017 20:54:52 +0100 Source: postgresql-common Binary: postgresql-common postgresql-client-common postgresql-server-dev-all postgresql postgresql-client postgresql-doc postgresql-contrib Architecture: source all Version: 165+deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org> Changed-By: Christoph Berg <myon@debian.org> Description: postgresql - object-relational SQL database (supported version) postgresql-client - front-end programs for PostgreSQL (supported version) postgresql-client-common - manager for multiple PostgreSQL client versions postgresql-common - PostgreSQL database-cluster manager postgresql-contrib - additional facilities for PostgreSQL (supported version) postgresql-doc - documentation for the PostgreSQL database management system postgresql-server-dev-all - extension build tool for multiple PostgreSQL versions Changes: postgresql-common (165+deb8u3) jessie-security; urgency=medium . * pg_ctlcluster, pg_createcluster, pg_upgradecluster: Use lchown instead of chown to mitigate privilege escalation via symlinks. (CVE-2017-8806. Related to CVE-2017-12172 in PostgreSQL; extends our earlier fix for CVE-2016-1255.) Checksums-Sha1: 7c00730c1eefec5873ed34f0541bbde90c85cbc4 2304 postgresql-common_165+deb8u3.dsc 1330d9681f8b91a4ddb4eae074c1715fafa46616 187796 postgresql-common_165+deb8u3.tar.xz d08dc4aa3bcd3f3f38aa6d70e42fb8af070cac2b 59510 postgresql-server-dev-all_165+deb8u3_all.deb e367c4e79ab88d3e0060eb75fca5bc6f1248770c 52372 postgresql_9.4+165+deb8u3_all.deb a5caf8a6ea291f769a51e8947134f3251c797af6 52388 postgresql-client_9.4+165+deb8u3_all.deb 6b8135ae72b734b94b9a9fa03def48046129d8ee 52384 postgresql-doc_9.4+165+deb8u3_all.deb 026ee9d1c84ac3b1b0facddca82118e1700ed929 52386 postgresql-contrib_9.4+165+deb8u3_all.deb 6dc0c64132c075ab678835e8f844e1ab1355de7c 202756 postgresql-common_165+deb8u3_all.deb 5a8c84b8e572f92456acc3046a1335c809004bf2 73804 postgresql-client-common_165+deb8u3_all.deb Checksums-Sha256: a7597c675757989bfff51640c1ef0f19be048beff3eb28ceb7a67cf38215891d 2304 postgresql-common_165+deb8u3.dsc 3fd14182eca078f547f8cebc08346572d0489304dd2dfbd31868cf7a787af1a2 187796 postgresql-common_165+deb8u3.tar.xz 0d0ca35e36a9337d73f3a6eb69bae8034febd4718d4b83280375aa9b59bd4896 59510 postgresql-server-dev-all_165+deb8u3_all.deb b133d2a9ebf90e5cc0a343f741abf14992dc864c5858fd87b3cb820c8152cc68 52372 postgresql_9.4+165+deb8u3_all.deb 3b3f4c39f31d0fbc90e1ceab061625b865bcf5c95440ee73cddfd9d985ad72d0 52388 postgresql-client_9.4+165+deb8u3_all.deb 73a7672a175d03c5d61b9d856f5e3331d18f5f487d700295a3bce79c2e0cccd1 52384 postgresql-doc_9.4+165+deb8u3_all.deb 5e6ba4aed33bb92b0877f1bf1a3162b235883b5b3611ae319626f845e416224f 52386 postgresql-contrib_9.4+165+deb8u3_all.deb f83030c912d2ab2dcec6959035aeb6e6f5b50a77a834b45b4ac0efd92b8bc1a4 202756 postgresql-common_165+deb8u3_all.deb b30ef0c723d01d522e0d4769c911cc4d43ee656ce959db45b9c24a91ae8805a7 73804 postgresql-client-common_165+deb8u3_all.deb Files: 7faf7986ee1ca105ef5340a9b35c3034 2304 database optional postgresql-common_165+deb8u3.dsc aded572fb0be3efd6c66c6cb8e73d63a 187796 database optional postgresql-common_165+deb8u3.tar.xz 3e55c66fce6a5da4c14205fa3bcfab78 59510 database optional postgresql-server-dev-all_165+deb8u3_all.deb 442633f00ac9d4eb5ad7487d4da3b44a 52372 database optional postgresql_9.4+165+deb8u3_all.deb 72839e3f2a2d072952ecafe29daaac09 52388 database optional postgresql-client_9.4+165+deb8u3_all.deb be897bab8e421565925d295e79c47cd2 52384 doc optional postgresql-doc_9.4+165+deb8u3_all.deb 4d9b36015a8009d402b907107136e19a 52386 database optional postgresql-contrib_9.4+165+deb8u3_all.deb 133509f051978cfbbe3c527b0668f34d 202756 database optional postgresql-common_165+deb8u3_all.deb 15ece5eddaa5b4e066a1a5349b4be22d 73804 database optional postgresql-client-common_165+deb8u3_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAloDG+cACgkQTFprqxLS p67+LQ//cJNNjhJS1NGvX8cSgDe2N3u11LGa7eELvAmxtBffjnNJrSPQBm3bcJPY PVYrvlox/Jeihy2dR8mYTo3BZ8RPF8gy8716A2IdmsaLvM/EzaF7ddNFfohnVKfb xp0EuucYmdDHD0x8AnWAm5UoFeRZG8CsZnWtifru9Uo8urJ/SUUtSnshLykW89Dy +9YauUAR5/RUxZWKQIymdUhgKikSTmn5zt74dNjXY2MnmJyVFWT4jTncRTYV7+WS 7TOZMRsOMDHYCJeFpLhv9Aspo0DwP+MMc2dkQC076uYHtqx6fXRDc5KU1mSQvH1P 3ZyMg1AuoUJMMji1pzLvtnFii8thDZ7U5pIdoPMdDWiRR8GwSP65d6BxzyPv6Nz4 eMIs7xvaBz+9U9n+yCVd56FlsQWEfTudWE0M/d3nV6Eq2TMmJAavuhSkB5vy7vBa C57W1ZHFJj9WEIBp9X8GlFT7uokiLfehzN3mWqu6kxGzqRJls3ob7bII0YAll4B8 1wPXcgpM2mzdPbQOUdd9Lx+lNIATeffwF5xwaboEXTuEiKforchizpJ3FLpetJ46 xgK+qaDKi6dGHj/gxLse19ADbxcrvMTcb1zdvvHkIkY8gTjdyTJZJAI9IdH/yynv tFG5dB514s6kVUL9mqpnhts8Q7OxaNEXBuVNEP1BrpuK5t4CRQ0= =TQU5 -----END PGP SIGNATURE-----