postgresql-8.0 8.0.3-15ubuntu2.3 source package in Ubuntu
Changelog
postgresql-8.0 (8.0.3-15ubuntu2.3) breezy-security; urgency=low * SECURITY UPDATE: Read out arbitrary memory locations from the server, local DoS. * Add debian/patches/87-cvs_sql_fun_typecheck.patch: - Repair insufficiently careful type checking for SQL-language functions. Not only can one trivially crash the backend, but with appropriate misuse of pass-by-reference datatypes it is possible to read out arbitrary locations in the server process's memory, which could allow retrieving database content the user should not be able to see. - Discovered by Jeff Trout. - Patch backported from 8.0.11 from CVS: http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/functions.c.diff?r1=1.91.4.2;r2=1.91.4.3 http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/optimizer/util/clauses.c.diff?r1=1.186.4.4;r2=1.186.4.5 - CVE-2007-0555 * Add debian/patches/88-cvs-max-utf8-wchar-len.patch: - Update various string functions to support the maximum UTF-8 sequence length for 4-byte character set to prevent buffer overflows. - Patch backported from 8.0.11 from CVS: http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/mb/wchar.c.diff?r1=1.40.4.2;r2=1.40.4.3 * Add debian/patches/89-cvs-whole-row-vars.patch: - Back-patch fix for proper labeling of whole-row Datums generated from subquery results. - Patch backported from upstream CVS: http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execQual.c.diff?r1=1.171;r2=1.171.4.1 - This patch is necessary to make the CVE-2007-0556 patch backportable. * Add debian/patches/90-cvs-empty-subarrays.patch: - Repair ARRAY[] constructs whose inputs are empty sub-arrays. - Patch backported from upstream CVS: http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execQual.c.diff?r1=1.171.4.1;r2=1.171.4.2 - This patch is necessary to make the CVE-2007-0556 patch backportable. * Add debian/patches/91-cvs-table-plan-consistency.patch: - Check that a table is still compatible with a previously made query plan. Use of ALTER COLUMN TYPE creates a hazard for cached query plans: they could contain vars that claim a column has a different type than it now has. Not only can one trivially crash the backend, but with appropriate misuse of pass-by-reference datatypes it is possible to read out arbitrary locations in the server process's memory, which could allow retrieving database content the user should not be able to see. - Discovered by Jeff Trout. - Patch backported from 8.0.11 from CVS: http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/tablecmds.c.diff?r1=1.142.4.6;r2=1.142.4.7 http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execQual.c.diff?r1=1.171.4.2;r2=1.171.4.3 http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execScan.c.diff?r1=1.34.4.1;r2=1.34.4.2 - CVE-2007-0556 -- Martin Pitt <email address hidden> Mon, 5 Feb 2007 10:17:32 +0100
Upload details
- Uploaded by:
- Martin Pitt
- Uploaded to:
- Breezy
- Original maintainer:
- Martin Pitt
- Architectures:
- any
- Section:
- misc
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
postgresql-8.0_8.0.3.orig.tar.gz | 10.3 MiB | eb8d8d563ac559e368cb221bdf8676e15db662cde797a5eef446f4282a2a9c5e |
postgresql-8.0_8.0.3-15ubuntu2.3.diff.gz | 67.3 KiB | eea93f5d3d602c855771c4899a346767cb565cb7ee393a454a0bcaf82d6aa9f0 |
postgresql-8.0_8.0.3-15ubuntu2.3.dsc | 1.1 KiB | f8d3d9f525641481f13710212bb2be0382be4a9b3c3553bd5d438d1edd643cbe |
Binary packages built by this source
- libecpg-compat2: No summary available for libecpg-compat2 in ubuntu breezy.
No description available for libecpg-compat2 in ubuntu breezy.
- libecpg-dev: No summary available for libecpg-dev in ubuntu breezy.
No description available for libecpg-dev in ubuntu breezy.
- libecpg5: No summary available for libecpg5 in ubuntu breezy.
No description available for libecpg5 in ubuntu breezy.
- libpgtypes2: No summary available for libpgtypes2 in ubuntu breezy.
No description available for libpgtypes2 in ubuntu breezy.
- libpq-dev: No summary available for libpq-dev in ubuntu breezy.
No description available for libpq-dev in ubuntu breezy.
- libpq4: No summary available for libpq4 in ubuntu breezy.
No description available for libpq4 in ubuntu breezy.
- postgresql-8.0: No summary available for postgresql-8.0 in ubuntu breezy.
No description available for postgresql-8.0 in ubuntu breezy.
- postgresql-client-8.0: No summary available for postgresql-client-8.0 in ubuntu breezy.
No description available for postgresql-
client- 8.0 in ubuntu breezy.
- postgresql-contrib-8.0: No summary available for postgresql-contrib-8.0 in ubuntu breezy.
No description available for postgresql-
contrib- 8.0 in ubuntu breezy.
- postgresql-doc-8.0: No summary available for postgresql-doc-8.0 in ubuntu breezy.
No description available for postgresql-doc-8.0 in ubuntu breezy.
- postgresql-plperl-8.0: No summary available for postgresql-plperl-8.0 in ubuntu breezy.
No description available for postgresql-
plperl- 8.0 in ubuntu breezy.
- postgresql-plpython-8.0: No summary available for postgresql-plpython-8.0 in ubuntu breezy.
No description available for postgresql-
plpython- 8.0 in ubuntu breezy.
- postgresql-pltcl-8.0: No summary available for postgresql-pltcl-8.0 in ubuntu breezy.
No description available for postgresql-
pltcl-8. 0 in ubuntu breezy.
- postgresql-server-dev-8.0: No summary available for postgresql-server-dev-8.0 in ubuntu breezy.
No description available for postgresql-
server- dev-8.0 in ubuntu breezy.