* New upstream security/bug fix release (LP: #1504132)
- Fix contrib/pgcrypto to detect and report too-short crypt() salts
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of attacks
that arrange for presence of confidential information in the disclosed
bytes, but they seem unlikely. (CVE-2015-5288)
- See release notes for details about other fixes.
-- Martin Pitt <email address hidden> Thu, 08 Oct 2015 16:03:41 +0200
This bug was fixed in the package postgresql-9.1 - 9.1.19- 0ubuntu0. 12.04
--------------- 0ubuntu0. 12.04) precise-security; urgency=medium
postgresql-9.1 (9.1.19-
* New upstream security/bug fix release (LP: #1504132)
- Fix contrib/pgcrypto to detect and report too-short crypt() salts
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of attacks
that arrange for presence of confidential information in the disclosed
bytes, but they seem unlikely. (CVE-2015-5288)
- See release notes for details about other fixes.
-- Martin Pitt <email address hidden> Thu, 08 Oct 2015 16:03:41 +0200