Format: 1.8 Date: Wed, 28 Feb 2018 09:59:08 +0100 Source: postgresql-9.5 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.5 postgresql-9.5-dbg postgresql-client-9.5 postgresql-server-dev-9.5 postgresql-doc-9.5 postgresql-contrib-9.5 postgresql-plperl-9.5 postgresql-plpython-9.5 postgresql-plpython3-9.5 postgresql-pltcl-9.5 Architecture: armhf armhf_translations Version: 9.5.12-0ubuntu0.16.04 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Christian Ehrhardt Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 9.5 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-9.5 - object-relational SQL database, version 9.5 server postgresql-9.5-dbg - debug symbols for postgresql-9.5 postgresql-client-9.5 - front-end programs for PostgreSQL 9.5 postgresql-contrib-9.5 - additional facilities for PostgreSQL postgresql-doc-9.5 - documentation for the PostgreSQL database management system postgresql-plperl-9.5 - PL/Perl procedural language for PostgreSQL 9.5 postgresql-plpython-9.5 - PL/Python procedural language for PostgreSQL 9.5 postgresql-plpython3-9.5 - PL/Python 3 procedural language for PostgreSQL 9.5 postgresql-pltcl-9.5 - PL/Tcl procedural language for PostgreSQL 9.5 postgresql-server-dev-9.5 - development files for PostgreSQL 9.5 server-side programming Launchpad-Bugs-Fixed: 1752271 Changes: postgresql-9.5 (9.5.12-0ubuntu0.16.04) xenial-security; urgency=medium . * New upstream release (LP: #1752271) If you run an installation in which not all users are mutually trusting, or if you maintain an application or extension that is intended for use in arbitrary situations, it is strongly recommended that you read the documentation changes described in the first changelog entry below, and take suitable steps to ensure that your installation or code is secure. . Also, the changes described in the second changelog entry below may cause functions used in index expressions or materialized views to fail during auto-analyze, or when reloading from a dump. After upgrading, monitor the server logs for such problems, and fix affected functions. . - Document how to configure installations and applications to guard against search-path-dependent trojan-horse attacks from other users . Using a search_path setting that includes any schemas writable by a hostile user enables that user to capture control of queries and then run arbitrary SQL code with the permissions of the attacked user. While it is possible to write queries that are proof against such hijacking, it is notationally tedious, and it's very easy to overlook holes. Therefore, we now recommend configurations in which no untrusted schemas appear in one's search path. (CVE-2018-1058) . - Avoid use of insecure search_path settings in pg_dump and other client programs . pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications were themselves vulnerable to the type of hijacking described in the previous changelog entry; since these applications are commonly run by superusers, they present particularly attractive targets. To make them secure whether or not the installation as a whole has been secured, modify them to include only the pg_catalog schema in their search_path settings. Autovacuum worker processes now do the same, as well. . In cases where user-provided functions are indirectly executed by these programs -- for example, user-provided functions in index expressions -- the tighter search_path may result in errors, which will need to be corrected by adjusting those user-provided functions to not assume anything about what search path they are invoked under. That has always been good practice, but now it will be necessary for correct behavior. (CVE-2018-1058) . - Details about other changes can be found at https://www.postgresql.org/docs/9.5/static/release-9-5-12.html Checksums-Sha1: 3ee1e11e96f74ce409907f664ae03aae09085937 914 libecpg-compat3-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb b1c1cb766e52d4fc9880031a675d24e0c09eab3a 9116 libecpg-compat3_9.5.12-0ubuntu0.16.04_armhf.deb fba7099c7b2b53518235f050f763944408e60061 1016 libecpg-dev-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb eeab9dbf342d5dd1afded83000979e03286a566f 192272 libecpg-dev_9.5.12-0ubuntu0.16.04_armhf.deb 4aef8c95a8ddb801220e585134030a19c07fcefe 908 libecpg6-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb df41f8cba11c12c539313c31f3976fdcfb27bff1 28338 libecpg6_9.5.12-0ubuntu0.16.04_armhf.deb 1dcb0c72bda37fb2247558b1c3005167011666d4 908 libpgtypes3-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 679ea849dfc186e8db6033c080e0b6096ce0b977 32466 libpgtypes3_9.5.12-0ubuntu0.16.04_armhf.deb 8fff5074695239b589849537e67099c9efbfc356 936 libpq-dev-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb dc4a385625265104668eb373d434189e0c3ad714 140092 libpq-dev_9.5.12-0ubuntu0.16.04_armhf.deb ba3c85a6a6a8931000a52661ce105a1f00bc7267 1022 libpq5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 3c41844bfa0f83b3ecb231ced496e8c4650cb99e 65884 libpq5_9.5.12-0ubuntu0.16.04_armhf.deb dba6f46fda85c805f7e76fc9fdd19eaedecf909c 13074602 postgresql-9.5-dbg_9.5.12-0ubuntu0.16.04_armhf.deb d8345abea477d018440d8fd8fd6534dea99fa363 1180 postgresql-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb b599c08899b51b045b2c3d9666dfd8057747d8ac 2525142 postgresql-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 3e0c88607b65f52a7d545f935915df82031ec253 5961583 postgresql-9.5_9.5.12-0ubuntu0.16.04_armhf_translations.tar.gz 0af50c8c7d49c628996afe956a24d771e83be340 1068 postgresql-client-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb c259c0f4e9b564afc275d886c9ef8914c8db4467 792796 postgresql-client-9.5_9.5.12-0ubuntu0.16.04_armhf.deb a2e715cae8d0b1d66dab22b87123e2eac043ff9d 2150 postgresql-contrib-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 5fd74d64b588c4b9a1f394988f9845531359d1c7 401644 postgresql-contrib-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 3dc34b3d727611f5d89e7ce34b85de08850a3538 952 postgresql-plperl-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 0b270321d967149b3067be04e94e2266847eee39 34730 postgresql-plperl-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 6540021cde55e279bab1294b367ef5f5f0ef373f 958 postgresql-plpython-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 2b08d742f02f1431c0db8ad2bd5940c61e82058c 37678 postgresql-plpython-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 6e1858b299aa8d3654b9fbf68ce8af7aba29e0a3 960 postgresql-plpython3-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb c2e327da69b29c067f03573ba0f16776780012b8 36256 postgresql-plpython3-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 0573d7c40a08637e3a3795f190fa19982d23ba28 952 postgresql-pltcl-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb c6692ce6c2623955a31747bfce2c30925f2bd13a 19900 postgresql-pltcl-9.5_9.5.12-0ubuntu0.16.04_armhf.deb ef4d4cf199b82ed7bb0c260e889b0f79b2399abf 1020 postgresql-server-dev-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 3dee0b30e6ad85d312cccfb5ebecbcf6fdfa2312 718192 postgresql-server-dev-9.5_9.5.12-0ubuntu0.16.04_armhf.deb Checksums-Sha256: 384554f48395f2feea670d3d238adf2d935163478dc42d523f5508f69275634b 914 libecpg-compat3-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 36831003d3eb64e4a664e886113c178d11fc618c31f20a5e9e2f9d820e575072 9116 libecpg-compat3_9.5.12-0ubuntu0.16.04_armhf.deb e92da85e68aedb1047a5245c56cbf788a3ae54a136c6d83b9e775c2f1036571c 1016 libecpg-dev-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 360b58190c223da6a422979ed91803a10c9b576df3cc87c5f321d50228d81cae 192272 libecpg-dev_9.5.12-0ubuntu0.16.04_armhf.deb 966fa1108a657e4644b82db1ef17ae52a6a6d312bfe7216243602828964cc96b 908 libecpg6-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 6b42aac13f139793f10d3c9bc7dee82b2fba0566834fc927a350dc71d4b69406 28338 libecpg6_9.5.12-0ubuntu0.16.04_armhf.deb b89cb955a639016b8a88237bbac194961b63d425a8014b7c7765f2acfba6769d 908 libpgtypes3-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb f53518e333192714a963f7068bd9caeef288f6aaa981f8ad740a217d3950cf32 32466 libpgtypes3_9.5.12-0ubuntu0.16.04_armhf.deb 1d1811eab5590caa0a109b717546b324b358e25f171c231968687526feb8b657 936 libpq-dev-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb a4bd23887a0774a96cfe58db6b116999b2d80dc6c89b19994b007a1381bb8645 140092 libpq-dev_9.5.12-0ubuntu0.16.04_armhf.deb f56772d87ea17f8f36864d872af2934c9ab19ae9decb831752e17c3c87f689a9 1022 libpq5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb b9cb3f4eb09b38f560d0a6a7fcc74b98f95d544f715c2b086f833b26e2d7ee7f 65884 libpq5_9.5.12-0ubuntu0.16.04_armhf.deb 9dc08b1709545b1c6be02bfe5d7cea563dbad652adb6ef18e56d9f7c3cf46ad3 13074602 postgresql-9.5-dbg_9.5.12-0ubuntu0.16.04_armhf.deb 2617abde1da28d354e91895f3c7ccf97472b715f8d4bd4c3cd7974be4222fd6a 1180 postgresql-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb d85d36df6190b1358a067d080c4cfac35aff902ed19e3ed50a12d19e3118fe22 2525142 postgresql-9.5_9.5.12-0ubuntu0.16.04_armhf.deb f12c5ce551854ec216a832282ef864ede75d218d6bd89d4d8aa5e843c346853b 5961583 postgresql-9.5_9.5.12-0ubuntu0.16.04_armhf_translations.tar.gz 88701166dbfae6225a835d175fdf1883a508b260dc75d510e2467531f37dcc4d 1068 postgresql-client-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb a852038cca752431679ebf6b7f3f3926e53daa8ec42b4c67d35b82cc45df68f7 792796 postgresql-client-9.5_9.5.12-0ubuntu0.16.04_armhf.deb b3e35dad30352d5e65ddf9eed4636a91900ff9caee4e919c8abc3ca1b968b081 2150 postgresql-contrib-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb f7c4d1e40ba29d6ea0c4f841f9a3ff44f45b78f0c8618768479568a061bc7454 401644 postgresql-contrib-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 436b9f17321b756a621f4a31a63f6fa8ceb47b1f87ccac7ed0c081bf9ffe6eaa 952 postgresql-plperl-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb eb2bba3d871187a28c868a2abda31cf7eba37db102461bb1c8bef9cfc269b73a 34730 postgresql-plperl-9.5_9.5.12-0ubuntu0.16.04_armhf.deb e75e5d650e58f799916b10d1c38111dc8734d54bd846c2a9fc5a5315e00b46fe 958 postgresql-plpython-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb b4fce91d5b721c17de2a798a3b49d16cbb93c5cfc0d486e31532124acecd5d03 37678 postgresql-plpython-9.5_9.5.12-0ubuntu0.16.04_armhf.deb cc9aeee7ad8aa13e944ae1e5dfff16cc15aa370761c2260ffa28338fd08ce10c 960 postgresql-plpython3-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 93f5d4b08c0d478ee9b7f07da49f5c01aac52fb549f9f1b25c0ca6afb7a3dc44 36256 postgresql-plpython3-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 6ddd9669a32d7de1bda612ff5d77620325746c8827c2edbd827e49085be48d36 952 postgresql-pltcl-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 7955876323c00c98e82059d375a0e9785960ab11e45f408cfd302bcca2d7b0f1 19900 postgresql-pltcl-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 487e5f1ea43a0d8e1090da30d80acccd6e3ad659d12bc4c3a7463e32862c8d11 1020 postgresql-server-dev-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 90185215c774b82ddc730dac9c7b2c6779ec930526b28f0486315c4ac9821899 718192 postgresql-server-dev-9.5_9.5.12-0ubuntu0.16.04_armhf.deb Files: 95b40ba80c5bae94d5df1730884df608 914 libs extra libecpg-compat3-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 07b90c23761b2cf781e2e58eaf04b90d 9116 libs optional libecpg-compat3_9.5.12-0ubuntu0.16.04_armhf.deb 8f6bb8e18db4ec950a31d6d298f614f2 1016 libdevel extra libecpg-dev-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 9312f0650284af30271a90daa5f26228 192272 libdevel optional libecpg-dev_9.5.12-0ubuntu0.16.04_armhf.deb cf1febb391d979f42ad7e46f0be8fb95 908 libs extra libecpg6-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 24adbf6498aab974a5195d02b2560062 28338 libs optional libecpg6_9.5.12-0ubuntu0.16.04_armhf.deb afc2703e99cdc71e98e7ad78cd38aed8 908 libs extra libpgtypes3-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 13f139ebadab46f2159714dba5e99b23 32466 libs optional libpgtypes3_9.5.12-0ubuntu0.16.04_armhf.deb ae4847b9c7969b690f653931d2d2ae05 936 libdevel extra libpq-dev-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb e22f4d3d18eaae0ba5d80a12d7c18b53 140092 libdevel optional libpq-dev_9.5.12-0ubuntu0.16.04_armhf.deb 94c49fe2b3c09e4c3656c0a484569a8c 1022 libs extra libpq5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb caaeff7f5ed572fef9316cd12f17472e 65884 libs optional libpq5_9.5.12-0ubuntu0.16.04_armhf.deb dfb0d7cea183a40e92ab2a74d39b7699 13074602 debug extra postgresql-9.5-dbg_9.5.12-0ubuntu0.16.04_armhf.deb af5c2dd6971ffaa7c876a27b2501629e 1180 database extra postgresql-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 7a14c80d8c65290950be7b6475bddf2c 2525142 database optional postgresql-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 5d7645b77e878e5f00f80c3ee0fbaf72 5961583 raw-translations - postgresql-9.5_9.5.12-0ubuntu0.16.04_armhf_translations.tar.gz b5afe71c12fa091447d9056b7327b0cd 1068 database extra postgresql-client-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb f792238a5a0fb6a0d85371bfe6f4c52a 792796 database optional postgresql-client-9.5_9.5.12-0ubuntu0.16.04_armhf.deb b654979a81e111804e62c1da3951ee46 2150 database extra postgresql-contrib-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 7a132b869ff590a29a9c302ab4018106 401644 database optional postgresql-contrib-9.5_9.5.12-0ubuntu0.16.04_armhf.deb a8a1bc4395789f1ee30842e378a8bb18 952 database extra postgresql-plperl-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb b88966fcfba05ebe58fd974bbbea9741 34730 database optional postgresql-plperl-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 19298fe0a6ad4d1c30b0f8322987197b 958 database extra postgresql-plpython-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 91b09aed7bd8e9c22a62743ffb53e2ce 37678 database optional postgresql-plpython-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 77973c7bb5e3f883c753165a42047d64 960 database extra postgresql-plpython3-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb b229e43e4cce2677c6ff93ae49bdb8e4 36256 database optional postgresql-plpython3-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 0e37d389270a83acb685609674286dc0 952 database extra postgresql-pltcl-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb e8d4b20abbe049c5d9f547b146a14158 19900 database optional postgresql-pltcl-9.5_9.5.12-0ubuntu0.16.04_armhf.deb 5920b30fa51a14011f5137a2f0d0ba6b 1020 libdevel extra postgresql-server-dev-9.5-dbgsym_9.5.12-0ubuntu0.16.04_armhf.ddeb 91120a614b98d78716d123824c3b7617 718192 libdevel optional postgresql-server-dev-9.5_9.5.12-0ubuntu0.16.04_armhf.deb Original-Maintainer: Debian PostgreSQL Maintainers