Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package postgresql-11. The new version fixes CVE-2019-10164. debian/* diff: diff --git a/debian/changelog b/debian/changelog index d9bedcb..2f7e899 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,23 @@ +postgresql-11 (11.4-1) unstable; urgency=medium + + * New upstream version. + + Fix buffer-overflow hazards in SCRAM verifier parsing + (Jonathan Katz, Heikki Linnakangas, Michael Paquier) + + Any authenticated user could cause a stack-based buffer overflow by + changing their own password to a purpose-crafted value. In addition to + the ability to crash the PostgreSQL server, this could suffice for + executing arbitrary code as the PostgreSQL operating system account. + + A similar overflow hazard existed in libpq, which could allow a rogue + server to crash a client or perhaps execute arbitrary code as the + client's operating system account. + + The PostgreSQL Project thanks Alexander Lakhin for reporting this + problem. (CVE-2019-10164) + + -- Christoph Berg <m...@debian.org> Tue, 18 Jun 2019 11:03:14 +0200 + postgresql-11 (11.3-1) unstable; urgency=medium * New upstream version. unblock postgresql-11/11.4-1 Christoph
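
Review bot: On the new "postgresql-11 (11.4-1) unstable; urgency=medium" header line, the urgency sits below what the entry itself describes: a stack-based buffer overflow reachable by any authenticated user, possibly leading to arbitrary code execution as the PostgreSQL operating system account, plus a similar hazard in libpq on the client side. Consider "urgency=high" for this security upload. The entry also carries no "Closes:" reference, so if a Debian bug tracks CVE-2019-10164 it should be closed from this changelog entry. Only the debian/* diff is shown here, so the upstream SCRAM verifier parsing change cannot be checked from this request alone; a pointer to the upstream commit or the full debdiff would let the release team verify it.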