Format: 1.8 Date: Wed, 20 May 2015 10:50:22 +0200 Source: postgresql-9.4 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.4 postgresql-9.4-dbg postgresql-client-9.4 postgresql-server-dev-9.4 postgresql-doc-9.4 postgresql-contrib-9.4 postgresql-plperl-9.4 postgresql-plpython-9.4 postgresql-plpython3-9.4 postgresql-pltcl-9.4 Architecture: i386 i386_translations Version: 9.4.2-1 Distribution: wily-proposed Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Christoph Berg Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 9.4 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-9.4 - object-relational SQL database, version 9.4 server postgresql-9.4-dbg - debug symbols for postgresql-9.4 postgresql-client-9.4 - front-end programs for PostgreSQL 9.4 postgresql-contrib-9.4 - additional facilities for PostgreSQL postgresql-doc-9.4 - documentation for the PostgreSQL database management system postgresql-plperl-9.4 - PL/Perl procedural language for PostgreSQL 9.4 postgresql-plpython-9.4 - PL/Python procedural language for PostgreSQL 9.4 postgresql-plpython3-9.4 - PL/Python 3 procedural language for PostgreSQL 9.4 postgresql-pltcl-9.4 - PL/Tcl procedural language for PostgreSQL 9.4 postgresql-server-dev-9.4 - development files for PostgreSQL 9.4 server-side programming Closes: 781361 Changes: postgresql-9.4 (9.4.2-1) unstable; urgency=medium . * New upstream version. . + Avoid possible crash when client disconnects just before the authentication timeout expires (Benkocs Norbert Attila) . If the timeout interrupt fired partway through the session shutdown sequence, SSL-related state would be freed twice, typically causing a crash and hence denial of service to other sessions. Experimentation shows that an unauthenticated remote attacker could trigger the bug somewhat consistently, hence treat as security issue. (CVE-2015-3165) . + Improve detection of system-call failures (Noah Misch) . Our replacement implementation of snprintf() failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure, due to our code assuming that a buffer had been overwritten when it hadn't been. Also, there were a few places in which security-relevant calls of other system library functions did not check for failure. . It remains possible that some calls of the *printf() family of functions are vulnerable to information disclosure if an out-of-memory error occurs at just the wrong time. We judge the risk to not be large, but will continue analysis in this area. (CVE-2015-3166) . + In contrib/pgcrypto, uniformly report decryption failures as Wrong key or corrupt data (Noah Misch) . Previously, some cases of decryption with an incorrect key could report other error message texts. It has been shown that such variance in error reports can aid attackers in recovering keys from other systems. While it's unknown whether pgcrypto's specific behaviors are likewise exploitable, it seems better to avoid the risk by using a one-size-fits-all message. (CVE-2015-3167) . + Protect against wraparound of multixact member IDs (Álvaro Herrera, Robert Haas, Thomas Munro) . Under certain usage patterns, the existing defenses against this might be insufficient, allowing pg_multixact/members files to be removed too early, resulting in data loss. The fix for this includes modifying the server to fail transactions that would result in overwriting old multixact member ID data, and improving autovacuum to ensure it will act proactively to prevent multixact member ID wraparound, as it does for transaction ID wraparound. . + pg_dump -Fd -Z compression level fixed. (Closes: #781361) . * Make postgresql-9.4 Recommends: postgresql-contrib-9.4. * Enable TAP tests. * Repository moved to git, update Vcs headers. Checksums-Sha1: ac1e68ed8342a67839afd8232344f932917abf3f 150846 libpq-dev_9.4.2-1_i386.deb 1a77c658437b70364a0b890d5520d071680f358c 83522 libpq5_9.4.2-1_i386.deb ad46da7e3497cc8799a2722aa7cf4dac84b6f053 37722 libecpg6_9.4.2-1_i386.deb 51d7e4050cbe3fb8e940b7f71f74478fc917c9ef 215746 libecpg-dev_9.4.2-1_i386.deb d9e27e70b8098bc9df56c8cdac80fcaf07668755 10796 libecpg-compat3_9.4.2-1_i386.deb 978d7b0a3405018dfdc663ad091d92d913fa72dd 38266 libpgtypes3_9.4.2-1_i386.deb f8d8038f9e8beedbf9119497437dda64fa248e7f 2876980 postgresql-9.4_9.4.2-1_i386.deb 0463aec45ba0e7f1b073b965d52c231ab5bfeaad 8914488 postgresql-9.4-dbg_9.4.2-1_i386.deb 94ef7a40711be34262c18d3c6fb5e2383f72ef49 800774 postgresql-client-9.4_9.4.2-1_i386.deb 77cb4a7df39def855beffebd3902af522d419875 632232 postgresql-server-dev-9.4_9.4.2-1_i386.deb f29fd11a132f5971aeefbb2bdb60d91b58c4c4a1 462166 postgresql-contrib-9.4_9.4.2-1_i386.deb 93b5731f5164b7f83f497efb41d4c74318fbc8d9 42176 postgresql-plperl-9.4_9.4.2-1_i386.deb 25b320d72d4b2020f1e04eb134b1c4c7f094a049 40412 postgresql-plpython-9.4_9.4.2-1_i386.deb 263cbb05e9c07e89e1ddf51897fec4a49f772a6a 40016 postgresql-plpython3-9.4_9.4.2-1_i386.deb ddb379139349f29364fdef3f2b089a9bd4d69002 22196 postgresql-pltcl-9.4_9.4.2-1_i386.deb 6cf1843b5a63dfca42e093d424fce5b51821a8bb 930 libpq-dev-dbgsym_9.4.2-1_i386.ddeb 3478c4fc1a2a376cf0ffc22becdd8b77db59a6fe 1022 libpq5-dbgsym_9.4.2-1_i386.ddeb 2b574bc7b979605c272d7189640eb8b7db723e59 904 libecpg6-dbgsym_9.4.2-1_i386.ddeb 552054e2917c014966280407931a6eec73831818 1016 libecpg-dev-dbgsym_9.4.2-1_i386.ddeb dedd0206f5f5ebdcad490e49c04b2a37682ad88b 910 libecpg-compat3-dbgsym_9.4.2-1_i386.ddeb 3bab64e0a1630b1c5fae6dfc39d16e1e8955e352 906 libpgtypes3-dbgsym_9.4.2-1_i386.ddeb 314ab72f339b986fe851110a51120d2424a52b10 1220 postgresql-9.4-dbgsym_9.4.2-1_i386.ddeb e1efc2069d1b9e3481d383e75c4579ad66d9816b 1072 postgresql-client-9.4-dbgsym_9.4.2-1_i386.ddeb 1f4274e0acba8f10796aaa6bcb87f2a221eba59a 1014 postgresql-server-dev-9.4-dbgsym_9.4.2-1_i386.ddeb f0e31ae482b9f0efa8398800c2a456bfc83b7b00 2212 postgresql-contrib-9.4-dbgsym_9.4.2-1_i386.ddeb fff1f3f136dd73af2cc8735559b0ee59cbcf8276 958 postgresql-plperl-9.4-dbgsym_9.4.2-1_i386.ddeb 97bc94c5d87dc75b1c90c79fe0b6fb2eca21a389 958 postgresql-plpython-9.4-dbgsym_9.4.2-1_i386.ddeb cf3aa8953cddb28fa3fc17f63df1904c98c20aae 962 postgresql-plpython3-9.4-dbgsym_9.4.2-1_i386.ddeb 7f0f68dbd596291d4d65a6e0b62973a13680a9d4 956 postgresql-pltcl-9.4-dbgsym_9.4.2-1_i386.ddeb 2e3bba92cecd99952e3c1751cf6d8c2e072fb99f 5379279 postgresql-9.4_9.4.2-1_i386_translations.tar.gz Checksums-Sha256: 3534a5025b4f82011389ee20da0a65c64ae009b9e62d0c3fe5973a65827dba59 150846 libpq-dev_9.4.2-1_i386.deb c4e1b14a61e4704cf886f65b3bcf95614f8bb29c6897131d9e9d64e6709d0f45 83522 libpq5_9.4.2-1_i386.deb fa02bfcbad1cf378c44968eaee3f18de0288b782d39bc8d1c6d6df2a26f1e5ac 37722 libecpg6_9.4.2-1_i386.deb ce5d77fdfa4125976978258b3003563823bc73c7c093e48cf8734bea36f97e47 215746 libecpg-dev_9.4.2-1_i386.deb 155869b8c5913406343ed66109b3a49dd3b5e3335e937192d5cf60dc86c3df2c 10796 libecpg-compat3_9.4.2-1_i386.deb a141b6908782e3bd6ffb0516c7283c4e77d4386a0894e95a156346872e0caaaf 38266 libpgtypes3_9.4.2-1_i386.deb fed5e68a21f2a1d28fa5c2412aa3dd5bb591f5b59c62aaa8d4dce91f9695e6eb 2876980 postgresql-9.4_9.4.2-1_i386.deb d5e1bc559689641a5007fef53cd7b5d3e2db0c86a0658de278320659c107fd76 8914488 postgresql-9.4-dbg_9.4.2-1_i386.deb 2a9f66cdf0be469275fddb021ca1db19b4e5cde2c3d3c173c4a5ab0b083d64f1 800774 postgresql-client-9.4_9.4.2-1_i386.deb 52da3cc469666fa7a11574d5dbf43e9533e3fbaf6131bea4f00907ad47830f69 632232 postgresql-server-dev-9.4_9.4.2-1_i386.deb 57c3a92d87febbacdcdbc7fd40023a1f03d03c6c23fd1e312e504e25b50e6ad6 462166 postgresql-contrib-9.4_9.4.2-1_i386.deb f5758130b528598826e7b1c639d58105bbbef4eda350fbf9b2842f24dee296dd 42176 postgresql-plperl-9.4_9.4.2-1_i386.deb b27af5a8b02f7ae42e9c1f31087bfcd07c6a7c7e7dc577ba7823b2895adad74c 40412 postgresql-plpython-9.4_9.4.2-1_i386.deb 945b7d8fb55eb298bf63b06a9aa14ef8a4eb56f84a3525979f0275688fd9b6e8 40016 postgresql-plpython3-9.4_9.4.2-1_i386.deb 2b23668b6095ea245f79113aa80a3a27f5e82b155e4a72644d7b9374a5120880 22196 postgresql-pltcl-9.4_9.4.2-1_i386.deb 4224188bdf6120454fc68171e1d6c0e8a4790a6bda013a97e5f7b286e998f0b2 930 libpq-dev-dbgsym_9.4.2-1_i386.ddeb 77d5a3777fa40411e83eb1ae472a904ee5f1ac587550fb4582a440210ac25530 1022 libpq5-dbgsym_9.4.2-1_i386.ddeb c7033eea8c49b4e3950c479364e4ca028a62a9f6c6787467282cbf3e11e09abd 904 libecpg6-dbgsym_9.4.2-1_i386.ddeb cf142acbcf679255e6cbc73ce484b83194b144f12e54c245d6f665ac2bc6ce04 1016 libecpg-dev-dbgsym_9.4.2-1_i386.ddeb 1a8f91915b5f3ec724d9ca10833739e77edf5fddbdaf3f890fe4f6ac37860b39 910 libecpg-compat3-dbgsym_9.4.2-1_i386.ddeb 679cdb034605bb58071d159845074526b03c6561e79e173cfede5f954f26cdae 906 libpgtypes3-dbgsym_9.4.2-1_i386.ddeb d93a39bd415e19d64fd358c4d381eb080bc71628dec37faff0a3be1e82bf145e 1220 postgresql-9.4-dbgsym_9.4.2-1_i386.ddeb 4096316fe0d130a65da00b62c7785e7eb328d07be3cd8041d06fa04950ec05d1 1072 postgresql-client-9.4-dbgsym_9.4.2-1_i386.ddeb b754bce2389a6713b4f3af51c936ac77cb901c943625767cf08de4eadbe596e3 1014 postgresql-server-dev-9.4-dbgsym_9.4.2-1_i386.ddeb 183668fc1e4958dc0fda98739da86de8e8079fcd821dde9ddc840c358e2dc1ba 2212 postgresql-contrib-9.4-dbgsym_9.4.2-1_i386.ddeb 7c5a148b2f167622e5e812a7333d6aa9c9042d807efc425d127efb3a75fb1121 958 postgresql-plperl-9.4-dbgsym_9.4.2-1_i386.ddeb 5a645ffe8a7a1f370510f785f72bd6ae02c57eb2b8228703113a909691d6edd6 958 postgresql-plpython-9.4-dbgsym_9.4.2-1_i386.ddeb 5f4e7f41b93c793aefc43536b7828311ef5fce8164a53ebae1242422dcd918e8 962 postgresql-plpython3-9.4-dbgsym_9.4.2-1_i386.ddeb 7f33b63718ccce3be22af4fd2817e274f58c4f046287490fb9bc97924fbab54a 956 postgresql-pltcl-9.4-dbgsym_9.4.2-1_i386.ddeb 35bd8f26d6b18dee0927d8a211230f3b104274863b7140c2f06dedd5a5d3b859 5379279 postgresql-9.4_9.4.2-1_i386_translations.tar.gz Files: 97fd761e8377ca71a1318187f88d5d0d 150846 libdevel optional libpq-dev_9.4.2-1_i386.deb 63e7841b21802624c8072762ecb47542 83522 libs optional libpq5_9.4.2-1_i386.deb 22e0b563bdcc82d63f8c76fc439f1104 37722 libs optional libecpg6_9.4.2-1_i386.deb ec58b56e85291fabbb74551f71acd714 215746 libdevel optional libecpg-dev_9.4.2-1_i386.deb 7d0cfa07d28c60267421fda831eaeb41 10796 libs optional libecpg-compat3_9.4.2-1_i386.deb 28e58d83eed5bc466e80626a0840c1aa 38266 libs optional libpgtypes3_9.4.2-1_i386.deb 4e12be31d4176166e46f0056a2218efd 2876980 database optional postgresql-9.4_9.4.2-1_i386.deb e035eb3eccf47795dd16b4659f3aae58 8914488 debug extra postgresql-9.4-dbg_9.4.2-1_i386.deb 6235598a6a40936113e9032f09298cf5 800774 database optional postgresql-client-9.4_9.4.2-1_i386.deb 593254df7e67f459443357bd269cc7b0 632232 libdevel optional postgresql-server-dev-9.4_9.4.2-1_i386.deb 399b785c2f38206dfbb9b65d8f8d563d 462166 database optional postgresql-contrib-9.4_9.4.2-1_i386.deb efbe594ed0a98b83a19330f001c243f5 42176 database optional postgresql-plperl-9.4_9.4.2-1_i386.deb b28a20e7c418aac55f21f01dbfda0f73 40412 database optional postgresql-plpython-9.4_9.4.2-1_i386.deb 3f722713b5c66848d4f97ff2860bd124 40016 database optional postgresql-plpython3-9.4_9.4.2-1_i386.deb 06dfc7efdee9f9a360be382caf3b5b41 22196 database optional postgresql-pltcl-9.4_9.4.2-1_i386.deb 3e8b16123b9f33cd960c45559b73a8a1 930 libdevel extra libpq-dev-dbgsym_9.4.2-1_i386.ddeb 79e64024efc46ec7c09c23c9250eff44 1022 libs extra libpq5-dbgsym_9.4.2-1_i386.ddeb 6a7fc04b3f40c5159efd4c31dc2328b7 904 libs extra libecpg6-dbgsym_9.4.2-1_i386.ddeb 366f244e744b77b178a4679e89bb541a 1016 libdevel extra libecpg-dev-dbgsym_9.4.2-1_i386.ddeb 37a7c3673735cacdd5a7092816c50b23 910 libs extra libecpg-compat3-dbgsym_9.4.2-1_i386.ddeb 7f8dc679f36c08318caa645d87c1ddba 906 libs extra libpgtypes3-dbgsym_9.4.2-1_i386.ddeb 93aba60f91076f6618ea60bf41026846 1220 database extra postgresql-9.4-dbgsym_9.4.2-1_i386.ddeb 76a44275354bb7d03278dadc3a68cb6f 1072 database extra postgresql-client-9.4-dbgsym_9.4.2-1_i386.ddeb 1c19a03c05767eb391a2e8eea0e6226f 1014 libdevel extra postgresql-server-dev-9.4-dbgsym_9.4.2-1_i386.ddeb 5dc389c3699a167e153606111fef66a4 2212 database extra postgresql-contrib-9.4-dbgsym_9.4.2-1_i386.ddeb 227eb6cde36ffd17819f09bc0018f743 958 database extra postgresql-plperl-9.4-dbgsym_9.4.2-1_i386.ddeb e3aafb092480a999d4c0f9a1473a9247 958 database extra postgresql-plpython-9.4-dbgsym_9.4.2-1_i386.ddeb 1b641a0ede87fc925fef81c4a4abd0f1 962 database extra postgresql-plpython3-9.4-dbgsym_9.4.2-1_i386.ddeb 2ac19ab74335cb6296c43bf4cb676c95 956 database extra postgresql-pltcl-9.4-dbgsym_9.4.2-1_i386.ddeb 1a5b2034e91fcf09d93fea17cc3d18bd 5379279 raw-translations - postgresql-9.4_9.4.2-1_i386_translations.tar.gz