Comment 16 for bug 430544

This bug was fixed in the package postgresql-8.3 - 8.3.8-0ubuntu9.04

---------------
postgresql-8.3 (8.3.8-0ubuntu9.04) jaunty-security; urgency=low

  * New upstream security/bug fix release: (LP: #430544)
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
      security-definer functions. This covers a case that was missed in the
      previous patch that disallowed "SET ROLE" and "SET SESSION
      AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Force WAL segment switch during pg_start_backup(). This avoids corner
      cases that could render a base backup unusable.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module,
      but this is unsafe and not all that useful.
    - Disallow empty passwords during LDAP authentication.
    - Fix handling of sub-SELECTs appearing in the arguments of an
      outer-level aggregate function.
    - Fix bugs associated with fetching a whole-row value from the output
      of a Sort or Materialize plan node.
    - Prevent synchronize_seqscans from changing the results of
      scrollable and WITH HOLD cursors.
    - Revert planner change that disabled partial-index and constraint
      exclusion optimizations when there were more than 100 clauses in an
      AND or OR list.
    - Fix hash calculation for data type interval. This corrects wrong results
      for hash joins on interval values. It also changes the contents of hash
      indexes on interval columns. If you have any such indexes, you must
      "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'. It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment.
      This led to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have
      no fractional digits, e.g. Japan.
    - Fix LIKE for case where pattern contains %_.
    - Properly round datetime input like 00:12:57.9999999999999999999999999999.
    - Fix memory leaks in XML operations.
    - Fix poor choice of page split point in GiST R-tree operator classes.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid performance degradation in bulk inserts into GIN indexes when
      the input values are (nearly) in sorted order.
    - Correctly enforce NOT NULL domain constraints in some contexts in
      PL/pgSQL.
    - Fix portability issues in plperl initialization.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty.
    - Improve pg_dump's efficiency when there are many large objects.
    - Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
    - Make pg_standby's maxretries option behave as documented.
    - Make "contrib/hstore" throw an error when a key or value is too
      long to fit in its data structure, rather than silently truncating
      it.
    - Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
      number of parameters (twenty).
    - Improve robustness of libpq's code to recover from errors during
      "COPY FROM STDIN".

 -- Martin Pitt <email address hidden> Wed, 16 Sep 2009 11:15:21 +0200