* New upstream security/bug fix release: (LP: #1116336)
- Prevent execution of enum_recv from SQL
The function was misdeclared, allowing a simple SQL command to crash the
server. In principle an attacker might be able to use it to examine the
contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
for reporting this issue. (CVE-2013-0255)
- See HISTORY/changelog.gz for details about other changes.
* 03-gettext-domains.patch: Unfuzz for new version.
-- Martin Pitt <email address hidden> Wed, 06 Feb 2013 09:02:48 +0100
This bug was fixed in the package postgresql-8.3 - 8.3.23-0ubuntu8.04
--------------- 0ubuntu8. 04) hardy-security; urgency=low
postgresql-8.3 (8.3.23-
* New upstream security/bug fix release: (LP: #1116336) changelog. gz for details about other changes. domains. patch: Unfuzz for new version.
- Prevent execution of enum_recv from SQL
The function was misdeclared, allowing a simple SQL command to crash the
server. In principle an attacker might be able to use it to examine the
contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
for reporting this issue. (CVE-2013-0255)
- See HISTORY/
* 03-gettext-
-- Martin Pitt <email address hidden> Wed, 06 Feb 2013 09:02:48 +0100