|
| 1 | +postgresql-9.1 (9.1.23-0+deb7u1) wheezy-security; urgency=medium |
| 2 | + |
| 3 | + * New upstream security release. |
| 4 | + |
| 5 | + + Fix possible mis-evaluation of nested CASE-WHEN expressions |
| 6 | + (Heikki Linnakangas, Michael Paquier, Tom Lane) |
| 7 | + |
| 8 | + A CASE expression appearing within the test value subexpression of |
| 9 | + another CASE could become confused about whether its own test value was |
| 10 | + null or not. Also, inlining of a SQL function implementing the equality |
| 11 | + operator used by a CASE expression could result in passing the wrong |
| 12 | + test value to functions called within a CASE expression in the SQL |
| 13 | + function's body. If the test values were of different data types, a |
| 14 | + crash might result; moreover such situations could be abused to allow |
| 15 | + disclosure of portions of server memory. (CVE-2016-5423) |
| 16 | + |
| 17 | + + Fix client programs' handling of special characters in database and role |
| 18 | + names (Noah Misch, Nathan Bossart, Michael Paquier) |
| 19 | + |
| 20 | + Numerous places in vacuumdb and other client programs could become |
| 21 | + confused by database and role names containing double quotes or |
| 22 | + backslashes. Tighten up quoting rules to make that safe. Also, ensure |
| 23 | + that when a conninfo string is used as a database name parameter to |
| 24 | + these programs, it is correctly treated as such throughout. |
| 25 | + |
| 26 | + Fix handling of paired double quotes in psql's \connect and \password |
| 27 | + commands to match the documentation. |
| 28 | + |
| 29 | + Introduce a new -reuse-previous option in psql's \connect command to |
| 30 | + allow explicit control of whether to re-use connection parameters from a |
| 31 | + previous connection. (Without this, the choice is based on whether the |
| 32 | + database name looks like a conninfo string, as before.) This allows |
| 33 | + secure handling of database names containing special characters in |
| 34 | + pg_dumpall scripts. |
| 35 | + |
| 36 | + pg_dumpall now refuses to deal with database and role names containing |
| 37 | + carriage returns or newlines, as it seems impractical to quote those |
| 38 | + characters safely on Windows. In future we may reject such names on the |
| 39 | + server side, but that step has not been taken yet. |
| 40 | + |
| 41 | + These are considered security fixes because crafted object names |
| 42 | + containing special characters could have been used to execute commands |
| 43 | + with superuser privileges the next time a superuser executes pg_dumpall |
| 44 | + or other routine maintenance operations. (CVE-2016-5424) |
| 45 | + |
| 46 | + -- Christoph Berg <christoph.berg@credativ.de> Wed, 10 Aug 2016 13:52:25 +0200 |
| 47 | + |
1 | 48 | postgresql-9.1 (9.1.22-0+deb7u1) wheezy-security; urgency=medium
|
2 | 49 |
|
3 | 50 | * New upstream bugfix release.
|
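Review bot: The pg_dumpall paragraph (added lines 36-39) introduces a behaviour change that is only recorded in this changelog entry: pg_dumpall "now refuses to deal with database and role names containing carriage returns or newlines". Administrators who take this update from wheezy-security and have such names will see routine dumps start failing, so a short debian/NEWS entry describing the refusal would be worth adding alongside this entry. Separately, the stanza header keeps urgency=medium, while the CVE-2016-5424 text says crafted names "could have been used to execute commands with superuser privileges". Please confirm that medium is intended for this upload.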