1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted postgresql-15 15.12-0+deb12u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Sat Mar 1 12:40:02 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Tue, 18 Feb 2025 11:59:37 +0100
    Source: postgresql-15
    Architecture: source
    Version: 15.12-0+deb12u1
    Distribution: bookworm
    Urgency: medium
    Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org> Changed-By: Christoph Berg <myon@debian.org>
    Changes:
    postgresql-15 (15.12-0+deb12u1) bookworm; urgency=medium
    .
    * New upstream version 15.12.
    .
    + Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane)
    .
    The changes made for CVE-2025-1094 had one serious oversight:
    PQescapeLiteral() and PQescapeIdentifier() failed to honor their string
    length parameter, instead always reading to the input string's trailing
    null. This resulted in including unwanted text in the output, if the
    caller intended to truncate the string via the length parameter. With
    very bad luck it could cause a crash due to reading off the end of
    memory.
    .
    In addition, modify all these quoting functions so that when invalid
    encoding is detected, an invalid sequence is substituted for just the
    first byte of the presumed character, not all of it. This reduces the
    risk of problems if a calling application performs additional processing
    on the quoted string.
    Checksums-Sha1:
    49d886977631c33ccc513d5a1475d68172f74973 3926 postgresql-15_15.12-0+deb12u1.dsc
    e324936f043bca125f3b12bef2919e5183118400 23170228 postgresql-15_15.12.orig.tar.bz2
    8b4fac8224e7a335399e9d7706a5d05ee457cf81 28104 postgresql-15_15.12-0+deb12u1.debian.tar.xz
    Checksums-Sha256:
    15d0fe8a28f52f77f24babe3ee8bf9ea416122e3aaee3b882af32626c2a5c347 3926 postgresql-15_15.12-0+deb12u1.dsc
    3bc8462a38ca0857270cc88b949a3f6659f0d5c44c029c482355835b61a0f6f7 23170228 postgresql-15_15.12.orig.tar.bz2
    b879925973250fc9af80a3ebfb61170c186ca027378cfa668ae2389646f7f1b7 28104 postgresql-15_15.12-0+deb12u1.debian.tar.xz
    Files:
    92fcdbaded39e77b17c4928153faeac3 3926 database optional postgresql-15_15.12-0+deb12u1.dsc
    2b8236ac1b8ebad95f7c4414b2adcafd 23170228 database optional postgresql-15_15.12.orig.tar.bz2
    5037388bd095cee367f319878eb310c5 28104 database optional postgresql-15_15.12-0+deb12u1.debian.tar.xz

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAme3TZwACgkQTFprqxLS p66fcQ//fhisSZ+yer9LIe89gjdUsjFy6NhH+SthsnmqYWUZS35Rpjz51jfKCgOt C5UQgJs6oNbe5Z7DeFZxAXcwWqAUxLYkTE74bhSfB4n+Y1PxJR0SvkKZKJWiyh2J 6iwT63yJnfF2TtTRPnlAHSJumvtBwlGc9K3gy1ZHVrQUZvus7YXdd5OjBSDx2ctT cyZ6bIRjW3sO2wILRy8xWyYcO63ReLRynXgt8bEe5PqPy+OBmZILgqR+wfmaPU0/ +JTi8n7+1aZNJQBX5oyvozDF9W8+z64cItwruxJqyQPm6Ev23OdA/IBd6cMUeU3k kcJlKxB+N4Fyo4t3+bjAUn02gMyDk+bq5A9Nk6i8JelfyPzG7AHDStSsYlid4Txd Ay8vdEjyFX+GjUuK9pHgnTIdkv05+5zTV6IrFHa6sVzh9g95YTYxYlZoSQ7fYk2D c7hvrpTp02Iw8PIjQ79VRCbDZj5QKWaRgcW5piDpvILBVsqjQlzgm8HYO5eYppSy 2gUoW2/WCQhvWLiTafpmDui2qo6Ihl4soPi5q1fHDcPf4FT/f78zQ8WYum1NpsdX eS46s4+ste+1qfAonQ6NncWs2mdAHV5bq5PYNAygx2auqZWNua104j3wjdBuBxx/ 2UOPq43Yr/sRFdUy27+/3yVn7vWlXP+J92veRqga81rQagyFXhU=
    =mECv
    -----END PGP SIGNATURE-----


    --==============685442471225276644=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZ8LwOQAKCRCb9qggYcy5 IcUiAPoDXomsQXWH/Bmby0LN3xCSWKbW9GeI8+cWTFQTYLWFSAEAsbyzd2/rC/uB vuNMXEy3Dt0XmNNkkT/EP+KJToSjLgM=k8gm
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)