Format: 1.8 Date: Wed, 20 May 2015 23:08:58 +0200 Source: postgresql-9.3 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.3 postgresql-9.3-dbg postgresql-client-9.3 postgresql-server-dev-9.3 postgresql-doc-9.3 postgresql-contrib-9.3 postgresql-plperl-9.3 postgresql-plpython-9.3 postgresql-plpython3-9.3 postgresql-pltcl-9.3 Architecture: arm64 arm64_translations Version: 9.3.7-0ubuntu0.14.04 Distribution: trusty Urgency: medium Maintainer: Ubuntu Build Daemon Changed-By: Martin Pitt Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 9.3 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-9.3 - object-relational SQL database, version 9.3 server postgresql-9.3-dbg - debug symbols for postgresql-9.3 postgresql-client-9.3 - front-end programs for PostgreSQL 9.3 postgresql-contrib-9.3 - additional facilities for PostgreSQL postgresql-doc-9.3 - documentation for the PostgreSQL database management system postgresql-plperl-9.3 - PL/Perl procedural language for PostgreSQL 9.3 postgresql-plpython-9.3 - PL/Python procedural language for PostgreSQL 9.3 postgresql-plpython3-9.3 - PL/Python 3 procedural language for PostgreSQL 9.3 postgresql-pltcl-9.3 - PL/Tcl procedural language for PostgreSQL 9.3 postgresql-server-dev-9.3 - development files for PostgreSQL 9.3 server-side programming Launchpad-Bugs-Fixed: 1457093 Changes: postgresql-9.3 (9.3.7-0ubuntu0.14.04) trusty-security; urgency=medium . * New upstream security/bug fix release (LP: #1457093) - Avoid possible crash when client disconnects just before the authentication timeout expires. If the timeout interrupt fired partway through the session shutdown sequence, SSL-related state would be freed twice, typically causing a crash and hence denial of service to other sessions. Experimentation shows that an unauthenticated remote attacker could trigger the bug somewhat consistently, hence treat as security issue. (CVE-2015-3165) . - Improve detection of system-call failures Our replacement implementation of snprintf() failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure, due to our code assuming that a buffer had been overwritten when it hadn't been. Also, there were a few places in which security-relevant calls of other system library functions did not check for failure. It remains possible that some calls of the *printf() family of functions are vulnerable to information disclosure if an out-of-memory error occurs at just the wrong time. We judge the risk to not be large, but will continue analysis in this area. (CVE-2015-3166) . - In contrib/pgcrypto, uniformly report decryption failures as Wrong key or corrupt data Previously, some cases of decryption with an incorrect key could report other error message texts. It has been shown that such variance in error reports can aid attackers in recovering keys from other systems. While it's unknown whether pgcrypto's specific behaviors are likewise exploitable, it seems better to avoid the risk by using a one-size-fits-all message. (CVE-2015-3167) . - Protect against wraparound of multixact member IDs Under certain usage patterns, the existing defenses against this might be insufficient, allowing pg_multixact/members files to be removed too early, resulting in data loss. The fix for this includes modifying the server to fail transactions that would result in overwriting old multixact member ID data, and improving autovacuum to ensure it will act proactively to prevent multixact member ID wraparound, as it does for transaction ID wraparound. . - See release notes for details about other fixes. Checksums-Sha1: 23d9dd810f096566e7a028ee218501c49581ca1c 123882 libpq-dev_9.3.7-0ubuntu0.14.04_arm64.deb 43bdaec82d42b5e30b49a8aba9a74723cf18684c 66432 libpq5_9.3.7-0ubuntu0.14.04_arm64.deb b8566b00331057b353ef6fe2681d79c4519dea2b 29556 libecpg6_9.3.7-0ubuntu0.14.04_arm64.deb 8caa8ff914c7928d107ceaa3afa1e3353e315c5f 185784 libecpg-dev_9.3.7-0ubuntu0.14.04_arm64.deb 8f89d76e8aa3932926080c4f0a9492e4c4ffcb76 9614 libecpg-compat3_9.3.7-0ubuntu0.14.04_arm64.deb afd6fb0adcd8425c9e477c13579c4be2d3b2d7ca 34326 libpgtypes3_9.3.7-0ubuntu0.14.04_arm64.deb 3a8ac2cd6d4b0ff0b6f44565cd8a46bb0393a24c 2253898 postgresql-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 69a6f592b8af8864d37217d4600e57559ed54859 7169514 postgresql-9.3-dbg_9.3.7-0ubuntu0.14.04_arm64.deb 33105549f32052082a01134e2adefb7c0a913eb9 717468 postgresql-client-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 9ca75cc65bd344bfd5f0d5559115a7a9ffb3b761 595592 postgresql-server-dev-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 4ac34b835dd3c4cec4b012cf5c18ec328bbade78 338782 postgresql-contrib-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 7cdcfff10c9eada44ed2b5e2d12f73c3e06adf7d 32658 postgresql-plperl-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 6c78e962849bf20f3b771f0987359ce89f4dd0d8 33694 postgresql-plpython-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 375a735e631f223b221caddc1101d107db2b1595 33346 postgresql-plpython3-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 7a436f8d7ea6ee4072e81ae32e48c86ed216d310 19680 postgresql-pltcl-9.3_9.3.7-0ubuntu0.14.04_arm64.deb cd9f554722ab68743fbf5e6e839d9cf784a22150 930 libpq-dev-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb d07960de8734d4bfefba3951ecc60579255d5098 1018 libpq5-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 2d2d669d2ad24d8e3b238affb099f2784cf8389d 904 libecpg6-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 4ef5484cba817ee60f81c31106e0996dbd507a81 1012 libecpg-dev-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb ef6c0813e8ab05b77ddaa1079218f92476a29ff7 908 libecpg-compat3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb a1b5d62479d3352266b03a23cfbd9c30f8aa53b0 906 libpgtypes3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb aa453ed71f767a2500a68cebb40fd0de3b01a939 1216 postgresql-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb c4a7c2f2237c4ed23e196357104f26e7424c5084 1054 postgresql-client-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb e20bf869d2efb404f5ca08275cb44f385c770766 1014 postgresql-server-dev-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 8a061ac311de9a8a3e5fe98dc975d042fbb5806a 2112 postgresql-contrib-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 6c66c906911f9b2f49047fd494ef325fc1d90e63 950 postgresql-plperl-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 7344a371999dfa521386494760f04234aa43876b 952 postgresql-plpython-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb cab1b5e895d5f36d9848afabab0f056bd4746e23 954 postgresql-plpython3-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 3846344f4873894229b7fdf5ec00c4d4e7303f09 948 postgresql-pltcl-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 31ef9a49e01f2a118f302d2f51f2d7423c9b4508 5086666 postgresql-9.3_9.3.7-0ubuntu0.14.04_arm64_translations.tar.gz Checksums-Sha256: 780d6240c2246c60e5fb1072bbb8a24d78e717c0398af6670e5e7d0bdce9ecc9 123882 libpq-dev_9.3.7-0ubuntu0.14.04_arm64.deb 9e56785b78977c9c3c9c38e1a5b38b58f4f879efedff2a61c4e58d273119750e 66432 libpq5_9.3.7-0ubuntu0.14.04_arm64.deb de1b636b4d45d943700eba0d0d01893ccd26a7a492712423444d210e6d29be23 29556 libecpg6_9.3.7-0ubuntu0.14.04_arm64.deb d7c0c430582f0122c9b1b20c43c1d10b73a74bc34bc12b53d4493254b22a7804 185784 libecpg-dev_9.3.7-0ubuntu0.14.04_arm64.deb a6ae1845a028501c07209aaec7a34e6f7d0e32f95c54b6b1ffb0fe8afeb3f97a 9614 libecpg-compat3_9.3.7-0ubuntu0.14.04_arm64.deb 24fd2d0ac02a5be54b5d55ccf99c49b5b82a87bee1dd8590bbb67636c0613ae6 34326 libpgtypes3_9.3.7-0ubuntu0.14.04_arm64.deb a170b847eb091eaa8c5dec2c43874f8ff5809a364c7dd87412b58627afbd04f9 2253898 postgresql-9.3_9.3.7-0ubuntu0.14.04_arm64.deb abc73ce1c6482f098015b6a68c364d712b46deb44165a562075477510e1f44c9 7169514 postgresql-9.3-dbg_9.3.7-0ubuntu0.14.04_arm64.deb d9b26ab6f31d68355c4f24637c85c9de686aab177333fbdc55d725b7a9a8e8fd 717468 postgresql-client-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 3575eac9f9b2ffa5c0a43c4cf9152d6e4f7739d36e42850a4f5f17dde3c7ecbc 595592 postgresql-server-dev-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 3432eaea88e9e93b8f2d3941151129d3786bc09f8109df1e514456029c1f1f89 338782 postgresql-contrib-9.3_9.3.7-0ubuntu0.14.04_arm64.deb dd0b9dbd625d1b10f89841d009d4b896eed0e03aa066d3b1bbac595e4a829a84 32658 postgresql-plperl-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 66baf9e4650d5be674cd46910bb4c585e33351f3437f1cc94dd1d12e132d5b04 33694 postgresql-plpython-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 8ce0b2179f9821084769b1e6791894755974dc1dbbec044f61e6293e80a176d4 33346 postgresql-plpython3-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 22bd91a65f998204f94b2f0c6f71bfbe882688920b55be0b0818a752fe348e61 19680 postgresql-pltcl-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 36bcc597d1f4c3ec93ed43ebdc826b6d6400949e9e1e14fc1a5c8cc72e9acd31 930 libpq-dev-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 713ddde75d9db7bbdf087b002bac445cc43d967ee7fd3556ad8f5ec1e2cfc652 1018 libpq5-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 869d6e53c6273b89b705f7f7125c76a5d805ada1c6ecea02050d3517b882a763 904 libecpg6-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb b235d86fc00c2ef2fc21f5485795d67136b2f6238b8a7ce453705d4559bdec18 1012 libecpg-dev-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 929c6e5c78ee55aac3b4426caadc842222f360cb706d5ce77e2f4affef6553c9 908 libecpg-compat3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb eba33e4cd6c6c8f008cdc3afca60ce5a83e0da1470c3712a605938dbe51e6264 906 libpgtypes3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 8692ec7ff2e20924297c132c7333d88c5414627960026bf852ab578af127ab59 1216 postgresql-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb a8a8ff630d9e4780172c4f6b562725ca14e15d39907478d3d2a9d9b708bff892 1054 postgresql-client-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 42ae15042f205af77fbcf8fd9294c8c185d5d2b3452dd6b292d840286f0b8e58 1014 postgresql-server-dev-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 05f5af3a3034f0e346d77652eda19912b3f4b57ba3296d246f56466907b887fd 2112 postgresql-contrib-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 11abf4fd5d7064998c836def67bdb45654cfacfa46ff1fb9d7af9418fde4dc8f 950 postgresql-plperl-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 5239a3911845e1e0d5b0ea78f40bb872a5e77fd8b46d2406b5b532ddf5072abf 952 postgresql-plpython-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb aed294ccbe720f031167d7efcca7190e8f7f356c127ec5ad2c13e4dd87d9bf65 954 postgresql-plpython3-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb d491fb2a63a57f59b65a5ac8374f34a21078fb0a6f4a4cb56ce68a918fab8d8b 948 postgresql-pltcl-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb b05779243178fe200036f6f99378d14df6b7ad84085f27c8e1c38264fcfc4fb5 5086666 postgresql-9.3_9.3.7-0ubuntu0.14.04_arm64_translations.tar.gz Files: 8b996dfdfa58d36e704242d4013b7993 123882 libdevel optional libpq-dev_9.3.7-0ubuntu0.14.04_arm64.deb bfee18d507954ed37e607628d6dde1d4 66432 libs optional libpq5_9.3.7-0ubuntu0.14.04_arm64.deb 7cb8b68db58188171fc2f1e6922bf5a0 29556 libs optional libecpg6_9.3.7-0ubuntu0.14.04_arm64.deb 79256aff37259b4b05725b214192b522 185784 libdevel optional libecpg-dev_9.3.7-0ubuntu0.14.04_arm64.deb 96884021d5ff627110c01ee9c0222cd3 9614 libs optional libecpg-compat3_9.3.7-0ubuntu0.14.04_arm64.deb c80c30c7476be05f5622a63b19e28287 34326 libs optional libpgtypes3_9.3.7-0ubuntu0.14.04_arm64.deb d063eed7f38cb73357704857db164dae 2253898 database optional postgresql-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 11e9efc3986c1f4ab56afb5f1a37be67 7169514 debug extra postgresql-9.3-dbg_9.3.7-0ubuntu0.14.04_arm64.deb 85fb0853f6ee0a073dc442b3f41dc63e 717468 database optional postgresql-client-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 0ab1800464a992865dc38060e0514da3 595592 libdevel optional postgresql-server-dev-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 5c68eb6715e520b478465f3a07adac58 338782 database optional postgresql-contrib-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 9cbfd86668f86763ab3f79bf50d35934 32658 database optional postgresql-plperl-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 6c289e1ae6c673b8e49efbc9d85a4396 33694 database optional postgresql-plpython-9.3_9.3.7-0ubuntu0.14.04_arm64.deb b3e4ab879d39477819b86cffaaa29245 33346 database optional postgresql-plpython3-9.3_9.3.7-0ubuntu0.14.04_arm64.deb c22261ff90867d674ed6d5e66e0fa224 19680 database optional postgresql-pltcl-9.3_9.3.7-0ubuntu0.14.04_arm64.deb 86ef26fca264b5bf41722b6dfb8fecc7 930 libdevel extra libpq-dev-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb a398388ed253d4e56928a15b5aceafd7 1018 libs extra libpq5-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 33943ad0087b0f0bc792449ba60b2c94 904 libs extra libecpg6-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb f7224d1d53583533661b2ab1624e6832 1012 libdevel extra libecpg-dev-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb a87328eb9ae03c3de856f84fb03fdc18 908 libs extra libecpg-compat3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 4e289f2255ebb88a18ca4cdd5e89ab50 906 libs extra libpgtypes3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 26e4e1ed3da394cbdd37c7685c2b7495 1216 database extra postgresql-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 494440b6899f6bcd30475a94706a5b83 1054 database extra postgresql-client-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 449e31d4989874635519c7b09bb43ce6 1014 libdevel extra postgresql-server-dev-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb a965b1f976b73a5eaf0b456b47e9ff23 2112 database extra postgresql-contrib-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 3a2cf47192d9035f53865d487ef9e2a9 950 database extra postgresql-plperl-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 68a863e0d1973c099d0172e65f729958 952 database extra postgresql-plpython-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 0f7d4502558549b12da384e21222ff6b 954 database extra postgresql-plpython3-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb e8019421f75e61c52a6804975402e9c8 948 database extra postgresql-pltcl-9.3-dbgsym_9.3.7-0ubuntu0.14.04_arm64.ddeb 0efbc2c133bc334d95f66ed115304e82 5086666 raw-translations - postgresql-9.3_9.3.7-0ubuntu0.14.04_arm64_translations.tar.gz Original-Maintainer: Debian PostgreSQL Maintainers