← Back to team overview

desktop-packages team mailing list archive

  1. desktop-packages team
  2. Mailing list archive
  3. Message #160991

[Bug 1544576] Re: New upstream microreleases 9.1.20, 9.3.11, 9.4.6

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package postgresql-9.3 - 9.3.11-0ubuntu0.14.04

---------------
postgresql-9.3 (9.3.11-0ubuntu0.14.04) trusty-security; urgency=medium

  * New upstream security/bug fix release: (LP: #1544576)
    - Fix infinite loops and buffer-overrun problems in regular expressions.
      Very large character ranges in bracket expressions could cause infinite
      loops in some cases, and memory overwrites in other cases.
      (CVE-2016-0773)
    - Prevent certain PL/Java parameters from being set by non-superusers.
      This change mitigates a PL/Java security bug (CVE-2016-0766), which was
      fixed in PL/Java by marking these parameters as superuser-only. To fix
      the security hazard for sites that update PostgreSQL more frequently
      than PL/Java, make the core code aware of them also.
    - See release notes for details about other fixes.

 -- Martin Pitt <martin.pitt@xxxxxxxxxx>  Thu, 11 Feb 2016 15:44:43
+0100

** Changed in: postgresql-9.3 (Ubuntu Trusty)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to postgresql-9.1 in Ubuntu.
https://bugs.launchpad.net/bugs/1544576

Title:
  New upstream microreleases 9.1.20, 9.3.11, 9.4.6

Status in postgresql-9.1 package in Ubuntu:
  Invalid
Status in postgresql-9.3 package in Ubuntu:
  Invalid
Status in postgresql-9.4 package in Ubuntu:
  Invalid
Status in postgresql-9.1 source package in Precise:
  Fix Released
Status in postgresql-9.1 source package in Trusty:
  Fix Released
Status in postgresql-9.3 source package in Trusty:
  Fix Released
Status in postgresql-9.4 source package in Wily:
  Fix Released

Bug description:
  PostgreSQL just announced new microreleases with a security and some
  bug fixes: http://www.postgresql.org/about/news/1644/

  Xenial has 9.5.0 ATM, but will auto-sync 9.5.1-1 from Debian tomorrow.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/1544576/+subscriptions
  Thread PreviousDate PreviousThread Next