postgresql-8.1 8.1.4-0ubuntu1 source package in Ubuntu
Changelog
postgresql-8.1 (8.1.4-0ubuntu1) dapper-security; urgency=medium
* SECURITY UPDATE: Remote arbitrary SQL injection.
* This is based on Debian's 8.1.4-1 plus the shlibs fix from bzr head.
* New upstream security and bug fix release:
- The server now rejects invalidly-encoded multibyte characters in all
cases to defend against SQL-injection attacks. [CVE-2006-2313]
- Reject unsafe uses of \' in string literals (for client encodings that
allow SQL injection with this, like SJIS, BIG5, GBK, GB18030, or UHC). A
new configuration parameter backslash_quote is available to adjust this
behavior when needed. [CVE-2006-2314]
- Modify libpq's string-escaping routines to be aware of encoding
considerations and standard_conforming_strings
This fixes libpq-using applications for the security issues
described in CVE-2006-2313 and CVE-2006-2314, and also
future-proofs them against the planned changeover to SQL-standard
string literal syntax. Applications that use multiple PostgreSQL
connections concurrently should migrate to PQescapeStringConn() and
PQescapeByteaConn() to ensure that escaping is done correctly for
the settings in use in each database connection. Applications that
do string escaping "by hand" should be modified to rely on library
routines instead.
- Various bug fixes, see upstream changelog for details.
* Remove debian/patches/12-krb5-multiusers.patch: Fixed upstream.
* debian/postgresql-8.1.init: Add a comment to point out that environment
variables need to be set in the 'environment' file, not in the init
script.
* debian/postgresql-8.1.init, debian/postgresql-8.1.postinst: Do not fail if
init.d-functions/maintscripts-functions are not present, which happens if
postgresql-{8.1,common} are removed, but not purged. Closes: #362488
* Bump Standards-Version to 3.7.2.
* Add debian/libpq4.shlibs and bump it to >= 8.1.4, to respect the
introduction of PQescapeStringConn() and PQescapeByteaConn().
* debian/postgresql-8.1.postrm, clean_dir(): Do not use rmdir's
--ignore-fail-on-nonempty, since that still falls apart when the
directory is a mountpoint. Just ignore errors.
-- Martin Pitt <email address hidden> Thu, 1 Jun 2006 22:38:19 +0200
Upload details
- Uploaded by:
- Martin Pitt
- Uploaded to:
- Dapper
- Original maintainer:
- Martin Pitt
- Architectures:
- any
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| postgresql-8.1_8.1.4.orig.tar.gz | 10.8 MiB | 0cfb807f47374d9ad42f0a5198bd8e3607d4c6857ce47141d722998fee1ae961 |
| postgresql-8.1_8.1.4-0ubuntu1.diff.gz | 23.2 KiB | 12f1ccbcc140b10d2e48bb14aa1bed795c486156b7f755fed67560da97bafc2c |
| postgresql-8.1_8.1.4-0ubuntu1.dsc | 1.1 KiB | 03c322ffdba27d5be2664a6882e5c078ec3429fac888e99548478a220d64b259 |
Binary packages built by this source
- libecpg-compat2: No summary available for libecpg-compat2 in ubuntu dapper.
No description available for libecpg-compat2 in ubuntu dapper.
- libecpg-dev: No summary available for libecpg-dev in ubuntu dapper.
No description available for libecpg-dev in ubuntu dapper.
- libecpg5: No summary available for libecpg5 in ubuntu dapper.
No description available for libecpg5 in ubuntu dapper.
- libpgtypes2: No summary available for libpgtypes2 in ubuntu dapper.
No description available for libpgtypes2 in ubuntu dapper.
- libpq-dev: No summary available for libpq-dev in ubuntu dapper.
No description available for libpq-dev in ubuntu dapper.
- libpq4: No summary available for libpq4 in ubuntu dapper.
No description available for libpq4 in ubuntu dapper.
- postgresql-8.1: No summary available for postgresql-8.1 in ubuntu dapper.
No description available for postgresql-8.1 in ubuntu dapper.
- postgresql-client-8.1: No summary available for postgresql-client-8.1 in ubuntu dapper.
No description available for postgresql-
client- 8.1 in ubuntu dapper.
- postgresql-contrib-8.1: No summary available for postgresql-contrib-8.1 in ubuntu dapper.
No description available for postgresql-
contrib- 8.1 in ubuntu dapper.
- postgresql-doc-8.1: No summary available for postgresql-doc-8.1 in ubuntu dapper.
No description available for postgresql-doc-8.1 in ubuntu dapper.
- postgresql-plperl-8.1: No summary available for postgresql-plperl-8.1 in ubuntu dapper.
No description available for postgresql-
plperl- 8.1 in ubuntu dapper.
- postgresql-plpython-8.1: No summary available for postgresql-plpython-8.1 in ubuntu dapper.
No description available for postgresql-
plpython- 8.1 in ubuntu dapper.
- postgresql-pltcl-8.1: No summary available for postgresql-pltcl-8.1 in ubuntu dapper.
No description available for postgresql-
pltcl-8. 1 in ubuntu dapper.
- postgresql-server-dev-8.1: No summary available for postgresql-server-dev-8.1 in ubuntu dapper.
No description available for postgresql-
server- dev-8.1 in ubuntu dapper.
