Ubuntu
postgresql-7.4 package

postgresql-7.4 1:7.4.8-17ubuntu1.4 source package in Ubuntu

Changelog

postgresql-7.4 (1:7.4.8-17ubuntu1.4) breezy-security; urgency=low

  * SECURITY UPDATE: Read out arbitrary memory locations from the server,
    local DoS.
  * Add debian/patches/56_cvs_sql_fun_typecheck.patch:
    - Repair insufficiently careful type checking for SQL-language functions.
      Not only can one trivially crash the backend, but with appropriate
      misuse of pass-by-reference datatypes it is possible to read out
      arbitrary locations in the server process's memory, which could allow
      retrieving database content the user should not be able to see.
    - Discovered by Jeff Trout.
    - Patch backported from 7.4.16 from CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/functions.c.diff?r1=1.75.2.1;r2=1.75.2.2
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/optimizer/util/clauses.c.diff?r1=1.154.2.4;r2=1.154.2.5
    - CVE-2007-0555
  * Add debian/patches/57_max_utf8_wchar_len.patch:
    - Update various string functions to support the maximum UTF-8 sequence
      length for 4-byte character set to prevent buffer overflows.
    - Patch backported from 7.4.16 from CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/mb/wchar.c.diff?r1=1.34.2.2;r2=1.34.2.3

 -- Martin Pitt <email address hidden>   Sun,  4 Feb 2007 22:17:39 +0100

Upload details

Uploaded by:
Martin Pitt
Uploaded to:
Breezy
Original maintainer:
Martin Pitt
Architectures:
any
Section:
misc
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
postgresql-7.4_7.4.8.orig.tar.gz 9.5 MiB 2d65f932b453b67a06db7bf1e403580347908ec0a1371f071e3c3642eb7d054e
postgresql-7.4_7.4.8-17ubuntu1.4.diff.gz 60.2 KiB 0131e88b56f2c617d87b782fad9cc18e3584bc84ba99061e979e96361fe486cb
postgresql-7.4_7.4.8-17ubuntu1.4.dsc 1.0 KiB 4204d872f883f05593e9a6f065c9e666ef6240f5b566123b71859564550027d5

View changes file

Binary packages built by this source

libpq3: No summary available for libpq3 in ubuntu breezy.

No description available for libpq3 in ubuntu breezy.

postgresql-7.4: No summary available for postgresql-7.4 in ubuntu breezy.

No description available for postgresql-7.4 in ubuntu breezy.

postgresql-client-7.4: No summary available for postgresql-client-7.4 in ubuntu breezy.

No description available for postgresql-client-7.4 in ubuntu breezy.

postgresql-contrib-7.4: No summary available for postgresql-contrib-7.4 in ubuntu breezy.

No description available for postgresql-contrib-7.4 in ubuntu breezy.

postgresql-doc-7.4: No summary available for postgresql-doc-7.4 in ubuntu breezy.

No description available for postgresql-doc-7.4 in ubuntu breezy.

postgresql-plperl-7.4: No summary available for postgresql-plperl-7.4 in ubuntu breezy.

No description available for postgresql-plperl-7.4 in ubuntu breezy.

postgresql-plpython-7.4: No summary available for postgresql-plpython-7.4 in ubuntu breezy.

No description available for postgresql-plpython-7.4 in ubuntu breezy.

postgresql-pltcl-7.4: No summary available for postgresql-pltcl-7.4 in ubuntu breezy.

No description available for postgresql-pltcl-7.4 in ubuntu breezy.

postgresql-server-dev-7.4: No summary available for postgresql-server-dev-7.4 in ubuntu breezy.

No description available for postgresql-server-dev-7.4 in ubuntu breezy.