Change logs for postgresql-9.4 source package in Wily

  • postgresql-9.4 (9.4.8-0ubuntu0.15.10) wily-proposed; urgency=medium
      * New upstream bug fix release. (LP: #1581016)
       - Details:
     -- Martin Pitt <email address hidden>  Thu, 12 May 2016 15:05:45 +0200
  • postgresql-9.4 (9.4.7-0ubuntu0.15.10) wily-proposed; urgency=medium
      * New upstream bug fix release. (LP: #1564268)
        - See for details.
     -- Martin Pitt <email address hidden>  Thu, 31 Mar 2016 10:21:49 +0200
  • postgresql-9.4 (9.4.6-0ubuntu0.15.10) wily-security; urgency=medium
      * New upstream security/bug fix release: (LP: #1544576)
        - Fix infinite loops and buffer-overrun problems in regular expressions.
          Very large character ranges in bracket expressions could cause infinite
          loops in some cases, and memory overwrites in other cases.
        - Prevent certain PL/Java parameters from being set by non-superusers.
          This change mitigates a PL/Java security bug (CVE-2016-0766), which was
          fixed in PL/Java by marking these parameters as superuser-only. To fix
          the security hazard for sites that update PostgreSQL more frequently
          than PL/Java, make the core code aware of them also.
        - See release notes for details about other fixes.
     -- Martin Pitt <email address hidden>  Thu, 11 Feb 2016 15:28:06 +0100
  • postgresql-9.4 (9.4.5-1) unstable; urgency=medium
      * New upstream version.
        + Guard against stack overflows in json parsing (Oskari Saarenmaa)
          If an application constructs PostgreSQL json or jsonb values from
          arbitrary user input, the application's users can reliably crash the
          PostgreSQL server, causing momentary denial of service.  (CVE-2015-5289)
        + Fix contrib/pgcrypto to detect and report too-short crypt() salts
          (Josh Kupershmidt)
          Certain invalid salt arguments crashed the server or disclosed a few
          bytes of server memory.  We have not ruled out the viability of attacks
          that arrange for presence of confidential information in the disclosed
          bytes, but they seem unlikely.  (CVE-2015-5288)
      * debian/rules: Call dh without --parallel, it's not supported upstream.
     -- Christoph Berg <email address hidden>  Tue, 06 Oct 2015 11:02:48 +0200
  • postgresql-9.4 (9.4.4-1) unstable; urgency=medium
      * New upstream version.
        + Fix possible failure to recover from an inconsistent database state
        + Fix rare failure to invalidate relation cache init file
     -- Christoph Berg <email address hidden>  Wed, 10 Jun 2015 13:48:09 +0200
  • postgresql-9.4 (9.4.3-1) unstable; urgency=medium
      * New upstream version:
        Avoid failures while fsync'ing data directory during crash restart
        (Abhijit Menon-Sen, Tom Lane; Closes: #786874)
     -- Christoph Berg <email address hidden>  Wed, 03 Jun 2015 11:53:43 +0200
  • postgresql-9.4 (9.4.2-1) unstable; urgency=medium
      * New upstream version.
        + Avoid possible crash when client disconnects just before the
          authentication timeout expires (Benkocs Norbert Attila)
          If the timeout interrupt fired partway through the session shutdown
          sequence, SSL-related state would be freed twice, typically causing a
          crash and hence denial of service to other sessions.  Experimentation
          shows that an unauthenticated remote attacker could trigger the bug
          somewhat consistently, hence treat as security issue. (CVE-2015-3165)
        + Improve detection of system-call failures (Noah Misch)
          Our replacement implementation of snprintf() failed to check for errors
          reported by the underlying system library calls; the main case that
          might be missed is out-of-memory situations. In the worst case this
          might lead to information exposure, due to our code assuming that a
          buffer had been overwritten when it hadn't been. Also, there were a few
          places in which security-relevant calls of other system library
          functions did not check for failure.
          It remains possible that some calls of the *printf() family of functions
          are vulnerable to information disclosure if an out-of-memory error
          occurs at just the wrong time.  We judge the risk to not be large, but
          will continue analysis in this area. (CVE-2015-3166)
        + In contrib/pgcrypto, uniformly report decryption failures as Wrong key
          or corrupt data (Noah Misch)
          Previously, some cases of decryption with an incorrect key could report
          other error message texts.  It has been shown that such variance in
          error reports can aid attackers in recovering keys from other systems.
          While it's unknown whether pgcrypto's specific behaviors are likewise
          exploitable, it seems better to avoid the risk by using a
          one-size-fits-all message. (CVE-2015-3167)
        + Protect against wraparound of multixact member IDs
          (Álvaro Herrera, Robert Haas, Thomas Munro)
          Under certain usage patterns, the existing defenses against this might
          be insufficient, allowing pg_multixact/members files to be removed too
          early, resulting in data loss.
          The fix for this includes modifying the server to fail transactions that
          would result in overwriting old multixact member ID data, and improving
          autovacuum to ensure it will act proactively to prevent multixact member
          ID wraparound, as it does for transaction ID wraparound.
        + pg_dump -Fd -Z compression level fixed. (Closes: #781361)
      * Make postgresql-9.4 Recommends: postgresql-contrib-9.4.
      * Enable TAP tests.
      * Repository moved to git, update Vcs headers.
     -- Christoph Berg <email address hidden>  Wed, 20 May 2015 10:50:22 +0200
  • postgresql-9.4 (9.4.1-1) unstable; urgency=medium
      * New upstream version.
        + libpq5: Name lookups fixed in minimal chroots (Closes: #756627)
        + Fix buffer overruns in to_char() (CVE-2015-0241)
        + Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243)
        + Fix possible loss of frontend/backend protocol synchronization after an
          error (CVE-2015-0244)
        + Fix information leak via constraint-violation error messages
     -- Christoph Berg <email address hidden>  Wed, 04 Feb 2015 17:55:28 +0100