-
postgresql-9.6 (9.6.6-0ubuntu0.17.04) zesty-security; urgency=medium
* New upstream release (LP: #1730661)
- Previously, a race condition allowed some table rows to be omitted from
the index. It may be necessary to reindex existing BRIN indexes to
recover from past occurrences of this problem.
- Details about other changes at full changelog:
https://www.postgresql.org/docs/9.6/static/release-9-6-6.html
-- Christian Ehrhardt <email address hidden> Tue, 07 Nov 2017 14:33:52 +0100
-
postgresql-9.6 (9.6.5-0ubuntu0.17.04) zesty; urgency=medium
* New upstream release (LP: #1713979)
- fix upgrade regressions of the former security release
- Details about other changes at full changelog:
https://www.postgresql.org/docs/9.6/static/release-9-6-5.html
-- Christian Ehrhardt <email address hidden> Wed, 30 Aug 2017 13:01:24 +0200
-
postgresql-9.6 (9.6.4-0ubuntu0.17.04.1) zesty-security; urgency=medium
* SECURITY UPDATE: Update to 9.6.4 to fix security issues
- Further restrict visibility of pg_user_mappings.umoptions, to protect
passwords stored as user mapping options (CVE-2017-7547)
- Disallow empty passwords in all password-based authentication methods
(CVE-2017-7546)
- Make lo_put() check for UPDATE privilege on the target large object
(CVE-2017-7548)
-- Marc Deslauriers <email address hidden> Mon, 14 Aug 2017 08:34:04 -0400
-
postgresql-9.6 (9.6.3-0ubuntu0.17.04) zesty; urgency=medium
* New upstream release (LP: #1690730)
- Restrict visibility of pg_user_mappings.umoptions, to protect passwords
stored as user mapping options (CVE-2017-7486)
- Prevent exposure of statistical information via leaky operators
(CVE-2017-7484)
- Restore libpq's recognition of the PGREQUIRESSL environment variable
(CVE-2017-7485)
- A dump/restore is not required for those running 9.6.X.
- However, if you use foreign data servers that make use of user passwords
for authentication, see the first changelog entry.
- Also, if you are using third-party replication tools that depend on
"logical decoding", see the fourth changelog entry.
- Details about other changes at full changelog:
https://www.postgresql.org/docs/9.6/static/release-9-6-3.html
-- Christian Ehrhardt <email address hidden> Mon, 15 May 2017 08:46:09 +0200
-
postgresql-9.6 (9.6.2-1) unstable; urgency=medium
* Team upload.
* New upstream version.
+ Fix a race condition that could cause indexes built with CREATE INDEX
CONCURRENTLY to be corrupt (Pavan Deolasee, Tom Lane)
If CREATE INDEX CONCURRENTLY was used to build an index that depends on
a column not previously indexed, then rows inserted or updated by
transactions that ran concurrently with the CREATE INDEX command could
have received incorrect index entries. If you suspect this may have
happened, the most reliable solution is to rebuild affected indexes
after installing this update.
* Update watch file to use https.
-- Christoph Berg <email address hidden> Tue, 07 Feb 2017 12:02:33 +0100
-
postgresql-9.6 (9.6.1-2) unstable; urgency=medium
* Team upload.
[ Martin Pitt ]
* Add missing perl test dependency (for Test::More).
[ Christoph Berg ]
* Explicitly disable PIE on 32 architectures. Previously we were just not
enabling it, but it's on by default now in unstable. Closes: #842752.
* libpq-dev: Remove dependency on libssl-dev (and comerr-dev and
krb5-multidev) to unbreak co-installation with libssl1.0-dev.
-- Christoph Berg <email address hidden> Wed, 02 Nov 2016 11:04:52 +0100