New upstream microreleases 9.1.8, 8.4.16, 8.3.23

Bug #1116336 reported by Martin Pitt on 2013-02-05
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
postgresql-8.3 (Ubuntu) | | Undecided | Unassigned |
  Hardy | | Undecided | Unassigned |
postgresql-8.4 (Ubuntu) | | Undecided | Unassigned |
  Lucid | | Undecided | Unassigned |
  Precise | | Undecided | Unassigned |
postgresql-9.1 (Ubuntu) | | High | Martin Pitt |
  Oneiric | | Undecided | Unassigned |
  Precise | | Undecided | Unassigned |
  Quantal | | Undecided | Unassigned |
  Raring | | High | Martin Pitt |

Bug Description

PostgreSQL will announce new upstream microreleases in two days which include one security issue. I'll update the description with the official announcement once it goes public.

The updates are on lillypilly.canonical.com:~pitti/psql/ . I'll move them to an HTTP-accessible location once upstream goes public.

UPDATE 2013-02-07: It's out, http://www.postgresql.org/about/news/1446/.

I moved the updates to http://people.canonical.com/~pitti/packages/psql/ , aka lillypilly.canonical.com:~pitti/public_html/packages/psql/.

Martin Pitt (pitti) wrote :

Debian unstable upload for 9.1 is prepared already, which we'll upload/sync once the new release gets published.

no longer affects: postgresql-8.4 (Ubuntu Hardy)
no longer affects: postgresql-8.4 (Ubuntu Oneiric)
no longer affects: postgresql-8.3 (Ubuntu Lucid)
no longer affects: postgresql-8.3 (Ubuntu Oneiric)
no longer affects: postgresql-8.3 (Ubuntu Precise)
no longer affects: postgresql-8.3 (Ubuntu Quantal)
no longer affects: postgresql-8.3 (Ubuntu Raring)
no longer affects: postgresql-8.4 (Ubuntu Quantal)
no longer affects: postgresql-8.4 (Ubuntu Raring)
Changed in postgresql-8.3 (Ubuntu):
status: New → Invalid
Changed in postgresql-8.4 (Ubuntu):
status: New → Invalid
no longer affects: postgresql-9.1 (Ubuntu Hardy)
no longer affects: postgresql-9.1 (Ubuntu Lucid)
Changed in postgresql-9.1 (Ubuntu Raring):
assignee: nobody → Martin Pitt (pitti)
importance: Undecided → High
status: New → Fix Committed
Martin Pitt (pitti) on 2013-02-06
description: updated
Martin Pitt (pitti) on 2013-02-07
information type: Private Security → Public
Martin Pitt (pitti) on 2013-02-07
description: updated
Martin Pitt (pitti) wrote :

$ rmadison -s raring postgresql-9.1
postgresql-9.1 | 9.1.8-1 | raring | source, amd64, armhf, i386, powerpc

Changed in postgresql-9.1 (Ubuntu Raring):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

I got a rejection message for oneiric, as I accidentally targeted that at oneiric-proposed. I fixed that to say oneiric-security and put the new package here:

http://people.canonical.com/~pitti/packages/psql/oneiric/

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.1 - 9.1.8-0ubuntu12.10

---------------
postgresql-9.1 (9.1.8-0ubuntu12.10) quantal-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.
 -- Martin Pitt <email address hidden> Tue, 05 Feb 2013 16:07:05 +0100

Changed in postgresql-9.1 (Ubuntu Quantal):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.1 - 9.1.8-0ubuntu11.10

---------------
postgresql-9.1 (9.1.8-0ubuntu11.10) oneiric-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.
 -- Martin Pitt <email address hidden> Tue, 05 Feb 2013 18:13:52 +0100

Changed in postgresql-9.1 (Ubuntu Oneiric):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-8.3 - 8.3.23-0ubuntu8.04

---------------
postgresql-8.3 (8.3.23-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for details about other changes.
  * 03-gettext-domains.patch: Unfuzz for new version.
 -- Martin Pitt <email address hidden> Wed, 06 Feb 2013 09:02:48 +0100

Changed in postgresql-8.3 (Ubuntu Hardy):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-8.4 - 8.4.16-0ubuntu10.04

---------------
postgresql-8.4 (8.4.16-0ubuntu10.04) lucid-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.
 -- Martin Pitt <email address hidden> Wed, 06 Feb 2013 08:33:25 +0100

Changed in postgresql-8.4 (Ubuntu Lucid):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.1 - 9.1.8-0ubuntu12.04

---------------
postgresql-9.1 (9.1.8-0ubuntu12.04) precise-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.
 -- Martin Pitt <email address hidden> Tue, 05 Feb 2013 16:19:31 +0100

Changed in postgresql-9.1 (Ubuntu Precise):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-8.4 - 8.4.16-0ubuntu12.04

---------------
postgresql-8.4 (8.4.16-0ubuntu12.04) precise-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.
 -- Martin Pitt <email address hidden> Tue, 05 Feb 2013 16:27:57 +0100

Changed in postgresql-8.4 (Ubuntu Precise):
status: New → Fix Released