Comment 4 for bug 1544576

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.1 - 9.1.20-0ubuntu0.12.04

postgresql-9.1 (9.1.20-0ubuntu0.12.04) precise-security; urgency=medium

  * New upstream security/bug fix release: (LP: #1544576)
    - Fix infinite loops and buffer-overrun problems in regular expressions.
      Very large character ranges in bracket expressions could cause infinite
      loops in some cases, and memory overwrites in other cases.
    - Prevent certain PL/Java parameters from being set by non-superusers.
      This change mitigates a PL/Java security bug (CVE-2016-0766), which was
      fixed in PL/Java by marking these parameters as superuser-only. To fix
      the security hazard for sites that update PostgreSQL more frequently
      than PL/Java, make the core code aware of them also.
    - See release notes for details about other fixes.

 -- Martin Pitt <email address hidden> Thu, 11 Feb 2016 15:41:29 +0100