-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 06 Aug 2018 16:14:28 +0200
Source: postgresql-9.4
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3
 postgresql-9.4 postgresql-9.4-dbg postgresql-client-9.4
 postgresql-server-dev-9.4 postgresql-doc-9.4 postgresql-contrib-9.4
 postgresql-plperl-9.4 postgresql-plpython-9.4 postgresql-plpython3-9.4
 postgresql-pltcl-9.4
Architecture: source amd64 all
Version: 9.4.19-0+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>
Changed-By: Christoph Berg <christoph.berg@credativ.de>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.4
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-9.4 - object-relational SQL database, version 9.4 server
 postgresql-9.4-dbg - debug symbols for postgresql-9.4
 postgresql-client-9.4 - front-end programs for PostgreSQL 9.4
 postgresql-contrib-9.4 - additional facilities for PostgreSQL
 postgresql-doc-9.4 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.4 - PL/Perl procedural language for PostgreSQL 9.4
 postgresql-plpython-9.4 - PL/Python procedural language for PostgreSQL 9.4
 postgresql-plpython3-9.4 - PL/Python 3 procedural language for PostgreSQL 9.4
 postgresql-pltcl-9.4 - PL/Tcl procedural language for PostgreSQL 9.4
 postgresql-server-dev-9.4 - development files for PostgreSQL 9.4 server-side programming
Changes:
 postgresql-9.4 (9.4.19-0+deb8u1) jessie-security; urgency=medium
 .
   * New upstream version.
     + Fix failure to reset libpq's state fully between connection attempts
 .
       An unprivileged user of dblink or postgres_fdw could bypass the checks
       intended to prevent use of server-side credentials, such as a ~/.pgpass
       file owned by the operating-system user running the server. Servers
       allowing peer authentication on local connections are particularly
       vulnerable. Other attacks such as SQL injection into a postgres_fdw
       session are also possible. Attacking postgres_fdw in this way requires
       the ability to create a foreign server object with selected connection
       parameters, but any user with access to dblink could exploit the
       problem. In general, an attacker with the ability to select the
       connection parameters for a libpq-using application could cause
       mischief, though other plausible attack scenarios are harder to think
       of. Our thanks to Andrew Krasichkov for reporting this issue.
       (CVE-2018-10915)
 .
   * Add new pgtypes header and symbol.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
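
An exposure audit for the two preconditions the changelog names (access to dblink, and the ability to create a postgres_fdw foreign server), added here as an example; it is not part of the Debian upload or of PostgreSQL itself. It assumes a superuser session and must be run in each database where the extensions are installed.

```sql
-- Added audit example for CVE-2018-10915 exposure (not from the upload above).
-- Run as a superuser in every database of the cluster.

-- 1. Server version, for comparison with the fixed upload (9.4.19-0+deb8u1).
SELECT current_setting('server_version') AS server_version;

-- 2. Non-superuser roles holding EXECUTE on functions owned by the dblink
--    extension. Functions are executable by PUBLIC unless that has been
--    revoked, so expect every role to appear on an unhardened install.
--    Schema USAGE is not evaluated here; this lists function grants only.
SELECT r.rolname,
       count(*) AS dblink_functions_executable
FROM pg_extension e
JOIN pg_depend d
  ON d.refclassid = 'pg_extension'::regclass
 AND d.refobjid   = e.oid
 AND d.classid    = 'pg_proc'::regclass
 AND d.deptype    = 'e'
JOIN pg_proc p ON p.oid = d.objid
CROSS JOIN pg_roles r
WHERE e.extname = 'dblink'
  AND NOT r.rolsuper
  AND has_function_privilege(r.oid, p.oid, 'EXECUTE')
GROUP BY r.rolname
ORDER BY r.rolname;

-- 3. Non-superuser roles with USAGE on the postgres_fdw wrapper, which is
--    the privilege CREATE SERVER requires.
SELECT r.rolname
FROM pg_foreign_data_wrapper w
CROSS JOIN pg_roles r
WHERE w.fdwname = 'postgres_fdw'
  AND NOT r.rolsuper
  AND has_foreign_data_wrapper_privilege(r.oid, w.oid, 'USAGE')
ORDER BY r.rolname;

-- 4. Foreign servers that already exist, with owner and connection options,
--    so unexpected connection parameters can be reviewed.
SELECT s.srvname,
       pg_get_userbyid(s.srvowner) AS owner,
       s.srvoptions
FROM pg_foreign_server s
JOIN pg_foreign_data_wrapper w ON w.oid = s.srvfdw
WHERE w.fdwname = 'postgres_fdw'
ORDER BY s.srvname;
```

Empty results from queries 2 to 4 mean the extension is not installed in that database or no unprivileged role can reach it.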