desktop-packages team mailing list archive

Thread
Date

[Bug 1418928] Re: New upstream microreleases 9.1.15, 9.3.6, 9.4.1

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Martin Pitt <martin.pitt@xxxxxxxxxx>
Date: Fri, 06 Feb 2015 13:02:37 -0000
Reply-to: Bug 1418928 <1418928@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

8.4 for lucid requires some backporting, as it isn't supported upstream
any more.

CVE-2015-0241: 
  http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=611e110aa
  http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=56b970f2

CVE-2015-0242:
  http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=9e05c50
but this does not affect Ubuntu as it uses the glibc snprintf() there instead of its own (which is mostly for Windows).

CVE-2015-0243:
  http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=ce6f261c
  http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=0a3ee8a5f

CVE-2015-0244:
  http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=47ba0fb

CVE-2014-8161:
  http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3a2063369

** Changed in: postgresql-8.4 (Ubuntu Lucid)
       Status: New => In Progress

** Changed in: postgresql-8.4 (Ubuntu Lucid)
     Assignee: (unassigned) => Martin Pitt (pitti)

** Changed in: postgresql-9.4 (Ubuntu Utopic)
     Assignee: Martin Pitt (pitti) => (unassigned)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to postgresql-9.1 in Ubuntu.
https://bugs.launchpad.net/bugs/1418928

Title:
  New upstream microreleases 9.1.15, 9.3.6, 9.4.1

Status in postgresql-8.4 package in Ubuntu:
  Invalid
Status in postgresql-9.1 package in Ubuntu:
  Invalid
Status in postgresql-9.3 package in Ubuntu:
  Invalid
Status in postgresql-9.4 package in Ubuntu:
  Fix Committed
Status in postgresql-8.4 source package in Lucid:
  In Progress
Status in postgresql-9.1 source package in Precise:
  In Progress
Status in postgresql-9.1 source package in Trusty:
  In Progress
Status in postgresql-9.3 source package in Trusty:
  In Progress
Status in postgresql-9.4 source package in Utopic:
  In Progress
Status in postgresql-9.4 source package in Vivid:
  Fix Committed

Bug description:
  PostgreSQL has released new versions yesterday:
  http://www.postgresql.org/about/news/1569/

  These fix a bunch of security issues, as well as the usual set of bug
  fixes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-8.4/+bug/1418928/+subscriptions

References

[Bug 1418928] [NEW] New upstream microreleases 9.1.15, 9.3.6, 9.4.1
From: Martin Pitt, 2015-02-06