Format: 1.8 Date: Tue, 14 Aug 2018 14:49:16 +0200 Source: postgresql-9.5 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.5 postgresql-9.5-dbg postgresql-client-9.5 postgresql-server-dev-9.5 postgresql-doc-9.5 postgresql-contrib-9.5 postgresql-plperl-9.5 postgresql-plpython-9.5 postgresql-plpython3-9.5 postgresql-pltcl-9.5 Architecture: arm64 arm64_translations Version: 9.5.14-0ubuntu0.16.04 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Christian Ehrhardt Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 9.5 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-9.5 - object-relational SQL database, version 9.5 server postgresql-9.5-dbg - debug symbols for postgresql-9.5 postgresql-client-9.5 - front-end programs for PostgreSQL 9.5 postgresql-contrib-9.5 - additional facilities for PostgreSQL postgresql-doc-9.5 - documentation for the PostgreSQL database management system postgresql-plperl-9.5 - PL/Perl procedural language for PostgreSQL 9.5 postgresql-plpython-9.5 - PL/Python procedural language for PostgreSQL 9.5 postgresql-plpython3-9.5 - PL/Python 3 procedural language for PostgreSQL 9.5 postgresql-pltcl-9.5 - PL/Tcl procedural language for PostgreSQL 9.5 postgresql-server-dev-9.5 - development files for PostgreSQL 9.5 server-side programming Launchpad-Bugs-Fixed: 1786938 Changes: postgresql-9.5 (9.5.14-0ubuntu0.16.04) xenial-security; urgency=medium . * New upstream release (LP: #1786938) - Fix failure to reset libpq's state fully between connection attempts . An unprivileged user of dblink or postgres_fdw could bypass the checks intended to prevent use of server-side credentials, such as a ~/.pgpass file owned by the operating-system user running the server. Servers allowing peer authentication on local connections are particularly vulnerable. Other attacks such as SQL injection into a postgres_fdw session are also possible. Attacking postgres_fdw in this way requires the ability to create a foreign server object with selected connection parameters, but any user with access to dblink could exploit the problem. In general, an attacker with the ability to select the connection parameters for a libpq-using application could cause mischief, though other plausible attack scenarios are harder to think of. Our thanks to Andrew Krasichkov for reporting this issue. (CVE-2018-10915) - Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT FROM ... . Erroneous expansion of an updatable view could lead to crashes or attribute ... has the wrong type errors, if the view's SELECT list doesn't match one-to-one with the underlying table's columns. Furthermore, this bug could be leveraged to allow updates of columns that an attacking user lacks UPDATE privilege for, if that user has INSERT and UPDATE privileges for some other column(s) of the table. Any user could also use it for disclosure of server memory. (CVE-2018-10925) - d/libecpg-dev.install: Add new pgtypes header. - d/libpgtypes3.symbols: Add new pgtypes symbol. - Details about these and changes can be found at https://www.postgresql.org/docs/9.5/static/release-9-5-14.html Checksums-Sha1: f9054dad0226ab5a8eb56296782d81b71ddc35a5 916 libecpg-compat3-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 62b3b6f9706765c9c83e7fa76fef08b15fea097b 9142 libecpg-compat3_9.5.14-0ubuntu0.16.04_arm64.deb 82a612a3af92c2666849dcd1bf99b5f3014dee7a 1018 libecpg-dev-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 5f45e8907a0826d087accb6a389f2c26c8f78f06 194322 libecpg-dev_9.5.14-0ubuntu0.16.04_arm64.deb 4f9a1a40cd7286b71885cdc4e0c61c661ee669a5 910 libecpg6-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb a85648917dd4f140cf2b18483811fcd18b1ba1c0 29584 libecpg6_9.5.14-0ubuntu0.16.04_arm64.deb 74dbf827d3be211b19f5821a75090bf49d6f3ac9 910 libpgtypes3-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 3a105fcf26b5d1342d84b639f5c0de2cc69acb55 31154 libpgtypes3_9.5.14-0ubuntu0.16.04_arm64.deb d3f825f7ce3628c4f3deb378e691e06dbec5d87f 936 libpq-dev-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 96b7f83eddc09d6d97cd9031e052eab505fe5b0e 140548 libpq-dev_9.5.14-0ubuntu0.16.04_arm64.deb 8edca27de7f5c57a6c84158826b2aafd1354f074 1022 libpq5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 67dbe45210a9db33972aa6102ca81556a61fd710 65434 libpq5_9.5.14-0ubuntu0.16.04_arm64.deb 0ca2ea3573df61099a57d25f497191774e2de9db 13576072 postgresql-9.5-dbg_9.5.14-0ubuntu0.16.04_arm64.deb ad57c2f5051f502fbf4faa1f50fe85454736e16d 1182 postgresql-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 4d16ea3f820f3b541fc15ce5d17d58611c477f75 2542002 postgresql-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 02b4b76fbce4e9eeee6ca8ae9ccf522f60c0d3b4 6014057 postgresql-9.5_9.5.14-0ubuntu0.16.04_arm64_translations.tar.gz 149d910f70abe4b7f3c0cbfafbd9006c2ed22712 1070 postgresql-client-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 62011fa097fffba915804f1467fb587f8b10137e 801044 postgresql-client-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 8b182edc532db108d1937bd7ba1d4d47d2efced7 2154 postgresql-contrib-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb ddeb66e5228daa02a088ad4b1969a30b0a73ad7e 386018 postgresql-contrib-9.5_9.5.14-0ubuntu0.16.04_arm64.deb c09ed1671126c3f6b3a327fde25fc17541b2c33d 954 postgresql-plperl-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 6ded3bfea23a125111a984ab74b5d6334602647b 32910 postgresql-plperl-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 2ddaf9d0082efba1e0c9898504ce2f091c4f9937 956 postgresql-plpython-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 68b2c5102fe4af9aef995ffa20cdfc68a2674659 36822 postgresql-plpython-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 04b2f37107832bb3b0d3295740b079a3f802bed2 960 postgresql-plpython3-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 94e16b0beee34629be07553ca718362149155d8e 35336 postgresql-plpython3-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 684ac412f639995e40bbaf0267e81e59dc2d96cb 954 postgresql-pltcl-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 5cc79bc2cdc73bb7b6957e87599cefa1a1530ddf 19364 postgresql-pltcl-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 4d931d31210c94a051d26df5058bd16f70ec7d20 1020 postgresql-server-dev-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb aedb86020b9e1c086837a7b87a96eddfcb229b67 719220 postgresql-server-dev-9.5_9.5.14-0ubuntu0.16.04_arm64.deb Checksums-Sha256: 4c544d010e20c0a9aa7bbd4f720501c74413049d9149f494c330b0ed85dd6cb3 916 libecpg-compat3-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 24727292ef75bb83481eb26fffe15f8257e00a0421a7281a6845f88cc25cf0ef 9142 libecpg-compat3_9.5.14-0ubuntu0.16.04_arm64.deb 8b30d6ed101197124a8e74140a19ba05f4b0404c696c0160fd232b4177fca203 1018 libecpg-dev-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 909eab473c221fb241fbd8c0707b6a847ab61704c982902124097212de846e24 194322 libecpg-dev_9.5.14-0ubuntu0.16.04_arm64.deb c8ee03c2b2b41ea69e33919928afe84ee130defaf830a021c2db9cce5057b2a2 910 libecpg6-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 128b911b8f46c57c0cb480f8c9a8c86b40d345753436e5bb84b761cad514e0db 29584 libecpg6_9.5.14-0ubuntu0.16.04_arm64.deb db8ce3cde00876eab9401dc2ae5c22680abeef98f20e669e4c199f220a3916fc 910 libpgtypes3-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 56fa5cd7b06d1fa388cd03f8d045778a5afbc9313004948d35d366a701a58d1b 31154 libpgtypes3_9.5.14-0ubuntu0.16.04_arm64.deb d60d2a31e3d5f8de14612a09069923faa34a504e1a70bf5efe6471b38f73ddf1 936 libpq-dev-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 320c414cd00c9e86d92ef685a9baea561fc3f286ee764d25c7b612ebb1b1583c 140548 libpq-dev_9.5.14-0ubuntu0.16.04_arm64.deb 6a6d81182048e12a236258a227f250a80bb7c3b09f8435e50c67cdc1a81a20c3 1022 libpq5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb a26a8bbc8e06e0c6915368d583369f5a56b573fea6466bb1858fd0cf8995d667 65434 libpq5_9.5.14-0ubuntu0.16.04_arm64.deb 592c5b7fbfc978ee83235840d0b32abeb43399a719effb233c60cdd3b520aab1 13576072 postgresql-9.5-dbg_9.5.14-0ubuntu0.16.04_arm64.deb ee1755b42006f9b1a081011f0f5a68dd1f13786757ec470f10622e786e31144e 1182 postgresql-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 3587c04e4294bce81dc8a785d1c21d3ae00bb64bc6cd3dd2afdd7e44d0c3796a 2542002 postgresql-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 79e48414fe5742b22d74233ca94f8cc9bb6f9b27800ad1bac3e4e8da66311677 6014057 postgresql-9.5_9.5.14-0ubuntu0.16.04_arm64_translations.tar.gz f14cae4a7ad8d006876ddd44986bd6d60d780c3584fdf03db6a9ea96b53a069f 1070 postgresql-client-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb bd55f0a85acf3b74fe58a32b9eb5f2479f14eb0ca57d447ad417ac5918875d00 801044 postgresql-client-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 8e96d2a74d7718ec00cf7b90754995ee419efa69757bca523aec11eaf9c24b25 2154 postgresql-contrib-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb dada33e1f24539b88fdf33118b69f696ebfcfafcdf18dfd75f400b74ef55faa6 386018 postgresql-contrib-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 6d51f651d5c3156fc8298eccb4715e17044123b18ff2326664f17f8afbe141df 954 postgresql-plperl-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 0f07237d8ed58bc06a594f6cd52ebe1f2e78370abdfdd1e94b23941d970f60d5 32910 postgresql-plperl-9.5_9.5.14-0ubuntu0.16.04_arm64.deb edeb421592136edb9299ee36c863180ed0cee2ae90b637453aefa7421b13214b 956 postgresql-plpython-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb d508b88719cb4c2b841575d080092d1908756fb5e3c64fc7c61567668ceb540b 36822 postgresql-plpython-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 2c9c0a1fdb63386212f3337600c4de4e02ecfdeb4726df407f52a6f052667217 960 postgresql-plpython3-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb d8a35270ab218a9f4f242031a89a5d3d29ac2c54204a9d4b718dbd4ec36cc35f 35336 postgresql-plpython3-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 8b578ac14a86bc6722d4db65dffde0e08eb760fa68eba97e6b9c7c333a933d42 954 postgresql-pltcl-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 22cee4b73ae1007baf7bbedf66f31a49433d2668a43f1cc2b0404b8122e7c17b 19364 postgresql-pltcl-9.5_9.5.14-0ubuntu0.16.04_arm64.deb a32258496854c98296d2d6fc7c2f3b439e69507f41a0515caf55de0114140cba 1020 postgresql-server-dev-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb d7f3f547a63ddcf682eb0a356791e8a9b9557f903c95a7085916c33ce37deade 719220 postgresql-server-dev-9.5_9.5.14-0ubuntu0.16.04_arm64.deb Files: 865516623b910e8fe4327165259ad471 916 libs extra libecpg-compat3-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb c868ba89660277561f7fdb7f6c0469b1 9142 libs optional libecpg-compat3_9.5.14-0ubuntu0.16.04_arm64.deb 08c2bb2bf15de2c53c3477626f78e0dc 1018 libdevel extra libecpg-dev-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 804af17c1561903077935178cdbb0517 194322 libdevel optional libecpg-dev_9.5.14-0ubuntu0.16.04_arm64.deb 6045d856431fae3594be576acbebd2c4 910 libs extra libecpg6-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 3c7b984cdd2fdf8b6e7c99ac79d54e13 29584 libs optional libecpg6_9.5.14-0ubuntu0.16.04_arm64.deb 202c87dcf207d629beaf036ee82d8df0 910 libs extra libpgtypes3-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb f6e72b23d42e6d8afb6ba645eb3ffd20 31154 libs optional libpgtypes3_9.5.14-0ubuntu0.16.04_arm64.deb a35468ec9be71d58023e47e331a405ff 936 libdevel extra libpq-dev-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb c3346981947c9db73ba98fe2107c7306 140548 libdevel optional libpq-dev_9.5.14-0ubuntu0.16.04_arm64.deb 917c798465eca903b7f79137a9632010 1022 libs extra libpq5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 1d23f0cf6e0b37f9d5ba9a978da01849 65434 libs optional libpq5_9.5.14-0ubuntu0.16.04_arm64.deb 07f3aa17c5d5146c37fb1c50fce1de5c 13576072 debug extra postgresql-9.5-dbg_9.5.14-0ubuntu0.16.04_arm64.deb 3c2499482ae080afcb351bfea5383c90 1182 database extra postgresql-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 4d067607eb770b1d0a4fead39fd94b9a 2542002 database optional postgresql-9.5_9.5.14-0ubuntu0.16.04_arm64.deb db93d1ba221c641d252f98b91c053504 6014057 raw-translations - postgresql-9.5_9.5.14-0ubuntu0.16.04_arm64_translations.tar.gz 9f8de7666410cb2e76577ffa20925dad 1070 database extra postgresql-client-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb f9ec51cbe3b690ad6903db05a15e08b4 801044 database optional postgresql-client-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 884d2c40bf843e2869e0a1c6d6771c94 2154 database extra postgresql-contrib-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 243ad88609e0516e178c8edb7a0d7e06 386018 database optional postgresql-contrib-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 8c3e7d20f1c9daf92cdbcdcb61934ec8 954 database extra postgresql-plperl-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb 0a8cfc51b28f098dcc5317f0de1b3964 32910 database optional postgresql-plperl-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 82ac49eb48e7b3eff04baaaab71a31f3 956 database extra postgresql-plpython-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb a6166454178779d6d5c1a93cf41a9780 36822 database optional postgresql-plpython-9.5_9.5.14-0ubuntu0.16.04_arm64.deb c51a7c5f5711ceff42581c1b4ac9d6e7 960 database extra postgresql-plpython3-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb ebbdcb0ee3b8eaff89a10ab1b9b89d3c 35336 database optional postgresql-plpython3-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 9d8d18a3eab4d00116f54372acc35ffc 954 database extra postgresql-pltcl-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb b128b94130a4028b946ae1364dc6946f 19364 database optional postgresql-pltcl-9.5_9.5.14-0ubuntu0.16.04_arm64.deb 66f62daf90a16ae18f296a346f01df51 1020 libdevel extra postgresql-server-dev-9.5-dbgsym_9.5.14-0ubuntu0.16.04_arm64.ddeb c924f0eb6a3fed773d21639f76cad460 719220 libdevel optional postgresql-server-dev-9.5_9.5.14-0ubuntu0.16.04_arm64.deb Original-Maintainer: Debian PostgreSQL Maintainers