Comment 5 for bug 1457093

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.1 - 9.1.16-0ubuntu0.14.04

---------------
postgresql-9.1 (9.1.16-0ubuntu0.14.04) trusty-security; urgency=medium

  * New upstream security/bug fix release (LP: #1457093)
    - Improve detection of system-call failures
      Our replacement implementation of snprintf() failed to check for errors
      reported by the underlying system library calls; the main case that
      might be missed is out-of-memory situations. In the worst case this
      might lead to information exposure, due to our code assuming that a
      buffer had been overwritten when it hadn't been. Also, there were a few
      places in which security-relevant calls of other system library
      functions did not check for failure.
      It remains possible that some calls of the *printf() family of functions
      are vulnerable to information disclosure if an out-of-memory error
      occurs at just the wrong time. We judge the risk to not be large, but
      will continue analysis in this area. (CVE-2015-3166)
    - Note: The other vulnerabilities fixed in 9.1.16 don't affect this version
      as we build the PL/Perl package only.

 -- Martin Pitt <email address hidden> Wed, 20 May 2015 23:16:18 +0200
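
The failure mode the changelog describes for CVE-2015-3166 (a formatting call fails, the caller does not check, and the buffer still holds whatever was there before) can be shown in a few lines of C. This is an added example, not part of the changelog and not PostgreSQL's code; `vfmt_fn`, `failing_vsnprintf`, `format_unchecked`, `format_checked` and `stale_after_failure` are hypothetical names, and the strings are constructed sample data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical formatter type so a failure can be injected deterministically. */
typedef int (*vfmt_fn)(char *, size_t, const char *, va_list);
/* Constructed stand-in for a failing libc call (e.g. out of memory): dst is untouched. */
static int failing_vsnprintf(char *dst, size_t n, const char *fmt, va_list ap)
{ (void)dst; (void)n; (void)fmt; (void)ap; return -1; }

/* Unchecked pattern: ignores the result and assumes dst was overwritten. */
static void format_unchecked(vfmt_fn f, char *dst, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    f(dst, n, fmt, ap);
    va_end(ap);
}

/* Checked pattern: on error or truncation, wipe dst and report failure. */
static int format_checked(vfmt_fn f, char *dst, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = f(dst, n, fmt, ap);
    va_end(ap);
    if (r < 0 || (size_t)r >= n) {
        memset(dst, 0, n);
        return -1;
    }
    return 0;
}

/* Returns 1 if stale bytes survive in the buffer after a failed format. */
static int stale_after_failure(int use_checked)
{
    char buf[32];
    strcpy(buf, "previous-secret");   /* constructed sample of old contents */
    if (use_checked)
        format_checked(failing_vsnprintf, buf, sizeof buf, "user=%s", "alice");
    else
        format_unchecked(failing_vsnprintf, buf, sizeof buf, "user=%s", "alice");
    return strcmp(buf, "previous-secret") == 0;
}

int main(void)
{
    printf("stale after unchecked call: %d\n", stale_after_failure(0));
    printf("stale after checked call:   %d\n", stale_after_failure(1));
    return 0;
}
```

Passing the real `vsnprintf` as the formatter makes `format_checked` behave as a normal bounded format that also rejects truncated output.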