desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #143502
[Bug 1504132] Re: New upstream microreleases 9.1.19, 9.3.10, 9.4.5
This bug was fixed in the package postgresql-9.1 - 9.1.19-0ubuntu0.12.04
---------------
postgresql-9.1 (9.1.19-0ubuntu0.12.04) precise-security; urgency=medium
* New upstream security/bug fix release (LP: #1504132)
- Fix contrib/pgcrypto to detect and report too-short crypt() salts
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of attacks
that arrange for presence of confidential information in the disclosed
bytes, but they seem unlikely. (CVE-2015-5288)
- See release notes for details about other fixes.
-- Martin Pitt <martin.pitt@xxxxxxxxxx> Thu, 08 Oct 2015 16:03:41
+0200
** Changed in: postgresql-9.1 (Ubuntu Precise)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to postgresql-9.1 in Ubuntu.
https://bugs.launchpad.net/bugs/1504132
Title:
New upstream microreleases 9.1.19, 9.3.10, 9.4.5
Status in postgresql-9.1 package in Ubuntu:
Invalid
Status in postgresql-9.3 package in Ubuntu:
Invalid
Status in postgresql-9.4 package in Ubuntu:
Fix Released
Status in postgresql-9.1 source package in Precise:
Fix Released
Status in postgresql-9.1 source package in Trusty:
Fix Released
Status in postgresql-9.3 source package in Trusty:
Fix Released
Status in postgresql-9.4 source package in Vivid:
Fix Released
Status in postgresql-9.4 source package in Wily:
Fix Released
Bug description:
Today PostgreSQL published new microreleases. They fix two CVEs, and
the usual bunch of bugs: http://www.postgresql.org/about/news/1615/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/1504132/+subscriptions
References
