Package: postgresql-8.3
Version: 8.3.6-1
Severity: serious
Tags: security
Justification: must

As reported in http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php, using conversion functions with mismatched specified and database codepages causes postgresql to segfault. A serious issue is that a regular user can do that and bring down the whole system.

Upstream came up with a patch just hours after the report, and it seems to be slated for 8.3.6: http://archives.postgresql.org/pgsql-bugs/2009-02/msg00176.php

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18+openvz (SMP w/8 CPU cores)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/bash

Versions of packages postgresql-8.3 depends on:
ii  libc6                  2.7-18              GNU C Library: Shared libraries
ii  libcomerr2             1.41.3-1            common error description library
ii  libkrb53               1.6.dfsg.4~beta1-5  MIT Kerberos runtime libraries
ii  libldap-2.4-2          2.4.11-1            OpenLDAP libraries
ii  libpam0g               1.0.1-5             Pluggable Authentication Modules l
ii  libpq5                 8.3.6-1             PostgreSQL C client library
ii  libssl0.9.8            0.9.8g-15           SSL shared libraries
ii  libxml2                2.6.32.dfsg-5       GNOME XML library
ii  locales                2.7-18              GNU C Library: National Language (
ii  postgresql-client-8.3  8.3.6-1             front-end programs for PostgreSQL
ii  postgresql-common      94lenny1            PostgreSQL database-cluster manage
ii  ssl-cert               1.0.23              simple debconf wrapper for OpenSSL
ii  tzdata                 2008h-2             time zone and daylight-saving time

postgresql-8.3 recommends no packages.

Versions of packages postgresql-8.3 suggests:
ii  pidentd [ident-server]  3.0.19.ds1-4       TCP/IP IDENT protocol server with

-- no debconf information