postgresql-8.0 8.0.3-15ubuntu2.3 source package in Ubuntu

Changelog

postgresql-8.0 (8.0.3-15ubuntu2.3) breezy-security; urgency=low

   * SECURITY UPDATE: Read out arbitrary memory locations from the server,
     local DoS.
   * Add debian/patches/87-cvs_sql_fun_typecheck.patch:
     - Repair insufficiently careful type checking for SQL-language functions.
       Not only can one trivially crash the backend, but with appropriate
       misuse of pass-by-reference datatypes it is possible to read out
       arbitrary locations in the server process's memory, which could allow
       retrieving database content the user should not be able to see.
     - Discovered by Jeff Trout.
     - Patch backported from 8.0.11 from CVS:
       http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/functions.c.diff?r1=1.91.4.2;r2=1.91.4.3
       http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/optimizer/util/clauses.c.diff?r1=1.186.4.4;r2=1.186.4.5
     - CVE-2007-0555
   * Add debian/patches/88-cvs-max-utf8-wchar-len.patch:
     - Update various string functions to support the maximum UTF-8 sequence
       length for 4-byte character set to prevent buffer overflows.
     - Patch backported from 8.0.11 from CVS:
       http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/mb/wchar.c.diff?r1=1.40.4.2;r2=1.40.4.3
   * Add debian/patches/89-cvs-whole-row-vars.patch:
     - Back-patch fix for proper labeling of whole-row Datums generated from
       subquery results.
     - Patch backported from upstream CVS:
       http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execQual.c.diff?r1=1.171;r2=1.171.4.1
     - This patch is necessary to make the CVE-2007-0556 patch backportable.
   * Add debian/patches/90-cvs-empty-subarrays.patch:
     - Repair ARRAY[] constructs whose inputs are empty sub-arrays.
     - Patch backported from upstream CVS:
       http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execQual.c.diff?r1=1.171.4.1;r2=1.171.4.2
     - This patch is necessary to make the CVE-2007-0556 patch backportable.
   * Add debian/patches/91-cvs-table-plan-consistency.patch:
     - Check that a table is still compatible with a previously made query
       plan. Use of ALTER COLUMN TYPE creates a hazard for cached query plans:
       they could contain vars that claim a column has a different type than it
       now has.  Not only can one trivially crash the backend, but with
       appropriate misuse of pass-by-reference datatypes it is possible to read
       out arbitrary locations in the server process's memory, which could allow
       retrieving database content the user should not be able to see.
     - Discovered by Jeff Trout.
     - Patch backported from 8.0.11 from CVS:
       http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/tablecmds.c.diff?r1=1.142.4.6;r2=1.142.4.7
       http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execQual.c.diff?r1=1.171.4.2;r2=1.171.4.3
       http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execScan.c.diff?r1=1.34.4.1;r2=1.34.4.2
     - CVE-2007-0556

 -- Martin Pitt <email address hidden>   Mon,  5 Feb 2007 10:17:32 +0100

Upload details

Uploaded by: Martin Pitt
Uploaded to: Breezy
Original maintainer: Martin Pitt
Architectures: any
Section: misc
Urgency: Low Urgency

Downloads

File Size SHA-256 Checksum
postgresql-8.0_8.0.3.orig.tar.gz 10.3 MiB eb8d8d563ac559e368cb221bdf8676e15db662cde797a5eef446f4282a2a9c5e
postgresql-8.0_8.0.3-15ubuntu2.3.diff.gz 67.3 KiB eea93f5d3d602c855771c4899a346767cb565cb7ee393a454a0bcaf82d6aa9f0
postgresql-8.0_8.0.3-15ubuntu2.3.dsc 1.1 KiB f8d3d9f525641481f13710212bb2be0382be4a9b3c3553bd5d438d1edd643cbe

Binary packages built by this source

libecpg-compat2
libecpg-dev
libecpg5
libpgtypes2
libpq-dev
libpq4
postgresql-8.0
postgresql-client-8.0
postgresql-contrib-8.0
postgresql-doc-8.0
postgresql-plperl-8.0
postgresql-plpython-8.0
postgresql-pltcl-8.0
postgresql-server-dev-8.0