Ubuntu
postgresql-9.1 package

New upstream microreleases 9.1.8, 8.4.16, 8.3.23

Bug #1116336 reported by Martin Pitt
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
postgresql-8.3 (Ubuntu)
Invalid
Undecided
Unassigned
Hardy
Fix Released
Undecided
Unassigned
postgresql-8.4 (Ubuntu)
Invalid
Undecided
Unassigned
Lucid
Fix Released
Undecided
Unassigned
Precise
Fix Released
Undecided
Unassigned
postgresql-9.1 (Ubuntu)
Fix Released
High
Martin Pitt
Oneiric
Fix Released
Undecided
Unassigned
Precise
Fix Released
Undecided
Unassigned
Quantal
Fix Released
Undecided
Unassigned
Raring
Fix Released
High
Martin Pitt

Bug Description

PostgreSQL will announce new upstream microreleases in two days which include one security issue. I'll update the description with the official annoucement once it goes public.

The updates are on lillypilly.canonical.com:~pitti/psql/ . I'll move them to a HTTP accessible location once upstream goes public.

UPDATE 2013-02-07: It's out, http://www.postgresql.org/about/news/1446/.

I moved the updates to http://people.canonical.com/~pitti/packages/psql/ , aka lillypilly.canonical.com:~pitti/public_html/packages/psql/.

See original description
Revision history for this message
Martin Pitt (pitti) wrote :

Debian unstable upload for 9.1 is prepared already, which we'll upload/sync once the new release gets published.

no longer affects: postgresql-8.4 (Ubuntu Hardy)
no longer affects: postgresql-8.4 (Ubuntu Oneiric)
no longer affects: postgresql-8.3 (Ubuntu Lucid)
no longer affects: postgresql-8.3 (Ubuntu Oneiric)
no longer affects: postgresql-8.3 (Ubuntu Precise)
no longer affects: postgresql-8.3 (Ubuntu Quantal)
no longer affects: postgresql-8.3 (Ubuntu Raring)
no longer affects: postgresql-8.4 (Ubuntu Quantal)
no longer affects: postgresql-8.4 (Ubuntu Raring)
Changed in postgresql-8.3 (Ubuntu):
status: New → Invalid
Changed in postgresql-8.4 (Ubuntu):
status: New → Invalid
no longer affects: postgresql-9.1 (Ubuntu Hardy)
no longer affects: postgresql-9.1 (Ubuntu Lucid)
Changed in postgresql-9.1 (Ubuntu Raring):
assignee: nobody → Martin Pitt (pitti)
importance: Undecided → High
status: New → Fix Committed
Martin Pitt (pitti)
description: updated
Martin Pitt (pitti)
information type: Private Security → Public
Martin Pitt (pitti)
description: updated
Revision history for this message
Martin Pitt (pitti) wrote :

$ rmadison -s raring postgresql-9.1
postgresql-9.1 | 9.1.8-1 | raring | source, amd64, armhf, i386, powerpc

Changed in postgresql-9.1 (Ubuntu Raring):
status: Fix Committed → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

I got a rejection message for oneiric, as I accidentally targetted that at oneiric-proposed. I fixed that to say oneiric-security and put the new package here:

http://people.canonical.com/~pitti/packages/psql/oneiric/

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.1 - 9.1.8-0ubuntu12.10

---------------
postgresql-9.1 (9.1.8-0ubuntu12.10) quantal-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.
 -- Martin Pitt <email address hidden> Tue, 05 Feb 2013 16:07:05 +0100

Changed in postgresql-9.1 (Ubuntu Quantal):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.1 - 9.1.8-0ubuntu11.10

---------------
postgresql-9.1 (9.1.8-0ubuntu11.10) oneiric-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.
 -- Martin Pitt <email address hidden> Tue, 05 Feb 2013 18:13:52 +0100

Changed in postgresql-9.1 (Ubuntu Oneiric):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-8.3 - 8.3.23-0ubuntu8.04

---------------
postgresql-8.3 (8.3.23-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for details about other changes.
  * 03-gettext-domains.patch: Unfuzz for new version.
 -- Martin Pitt <email address hidden> Wed, 06 Feb 2013 09:02:48 +0100

Changed in postgresql-8.3 (Ubuntu Hardy):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-8.4 - 8.4.16-0ubuntu10.04

---------------
postgresql-8.4 (8.4.16-0ubuntu10.04) lucid-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.
 -- Martin Pitt <email address hidden> Wed, 06 Feb 2013 08:33:25 +0100

Changed in postgresql-8.4 (Ubuntu Lucid):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.1 - 9.1.8-0ubuntu12.04

---------------
postgresql-9.1 (9.1.8-0ubuntu12.04) precise-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.
 -- Martin Pitt <email address hidden> Tue, 05 Feb 2013 16:19:31 +0100

Changed in postgresql-9.1 (Ubuntu Precise):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-8.4 - 8.4.16-0ubuntu12.04

---------------
postgresql-8.4 (8.4.16-0ubuntu12.04) precise-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.
 -- Martin Pitt <email address hidden> Tue, 05 Feb 2013 16:27:57 +0100

Changed in postgresql-8.4 (Ubuntu Precise):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.