=========================================
Wed, 17 Dec 2008 - Debian 4.0r6 released
=========================================
========================================================================
[Date: Wed, 17 Dec 2008 21:11:19 +0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from stable:

fp-compiler     | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-docs         | 2.0.0-4         | all
fp-ide          | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-units-base   | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-units-db     | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-units-fcl    | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-units-fv     | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-units-gfx    | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-units-gnome1 | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-units-gtk    | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-units-gtk2   | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-units-misc   | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-units-net    | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-units-rtl    | 2.0.0-4         | amd64, i386, powerpc, sparc
fp-utils        | 2.0.0-4         | amd64, i386, powerpc, sparc
fpc             | 2.0.0-4         | source
gearhead        | 1.010-1         | source, amd64, i386, powerpc, sparc
gearhead-data   | 1.010-1         | all
imapcopy        | 1.01+20060420-1 | source, amd64, i386, powerpc, sparc

Closed bugs: 506977

------------------- Reason -------------------
RoST; copyright infringement in pre 2.2.2 sources
----------------------------------------------
=========================================================================
[Date: Wed, 17 Dec 2008 21:14:49 +0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from stable:

astrolog | 5.40-3 | source, alpha, i386

Closed bugs: 507239

------------------- Reason -------------------
RoST; RoQA; orphaned long time, non-free, contains potentially undistributable code
----------------------------------------------
=========================================================================
=========================================================================
[Date: Wed, 17 Dec 2008 21:15:21 +0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from stable:

youtube-dl | 2006.11.12-1 | source, all

Closed bugs: 439363

------------------- Reason -------------------
RoST; RoQA; broken
----------------------------------------------
=========================================================================
========================================================================
stable/main/binary-sparc/libnss3-0d_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/libnss3-tools_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/libxul0d_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/libmozjs0d_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/libnspr4-0d_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/python-xpcom_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
stable/main/binary-sparc/xulrunner_1.8.0.15~pre080614h-0etch1_sparc.deb

stable/main/binary-s390/libmozjs0d_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/xulrunner_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/python-xpcom_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/libnss3-tools_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/libxul0d_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/libnss3-0d_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/libnspr4-0d_1.8.0.15~pre080614h-0etch1_s390.deb
stable/main/binary-s390/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb

stable/main/binary-powerpc/python-xpcom_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/libnss3-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/libnspr4-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/xulrunner_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/libmozjs0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/libnss3-tools_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/libxul0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
stable/main/binary-powerpc/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb

stable/main/binary-mipsel/xulrunner_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/libnss3-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/libmozjs0d_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/python-xpcom_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/libxul0d_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/libnss3-tools_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
stable/main/binary-mipsel/libnspr4-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb

stable/main/binary-mips/libnspr4-0d_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/python-xpcom_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/libmozjs0d_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/xulrunner_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/libxul0d_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/libnss3-tools_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/libnss3-0d_1.8.0.15~pre080614h-0etch1_mips.deb
stable/main/binary-mips/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_mips.deb

stable/main/binary-ia64/python-xpcom_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/libmozjs0d_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/xulrunner_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/libxul0d_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/libnss3-0d_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/libnspr4-0d_1.8.0.15~pre080614h-0etch1_ia64.deb
stable/main/binary-ia64/libnss3-tools_1.8.0.15~pre080614h-0etch1_ia64.deb

stable/main/binary-i386/libnspr4-0d_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/libxul0d_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/libmozjs0d_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/libnss3-0d_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/python-xpcom_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/xulrunner_1.8.0.15~pre080614h-0etch1_i386.deb
stable/main/binary-i386/libnss3-tools_1.8.0.15~pre080614h-0etch1_i386.deb

stable/main/binary-hppa/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/libnss3-tools_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/libnspr4-0d_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/libmozjs0d_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/libxul0d_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/python-xpcom_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/xulrunner_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_hppa.deb
stable/main/binary-hppa/libnss3-0d_1.8.0.15~pre080614h-0etch1_hppa.deb

stable/main/binary-arm/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/libnss3-0d_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/libxul0d_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/libnss3-tools_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/python-xpcom_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/libnspr4-0d_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/libmozjs0d_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/xulrunner_1.8.0.15~pre080614h-0etch1_arm.deb
stable/main/binary-arm/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb

stable/main/binary-alpha/xulrunner_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/libmozjs0d_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/libxul0d_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/libnss3-tools_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/libnspr4-0d_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/python-xpcom_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/libnss3-0d_1.8.0.15~pre080614h-0etch1_alpha.deb
stable/main/binary-alpha/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb

stable/main/binary-amd64/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/binary-amd64/libnspr4-0d_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/binary-amd64/libnss3-0d_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/binary-all/libsmjs-dev_1.8.0.15~pre080614h-0etch1_all.deb
stable/main/binary-amd64/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/binary-amd64/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/source/xulrunner_1.8.0.15~pre080614h-0etch1.diff.gz
stable/main/binary-amd64/xulrunner_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/source/xulrunner_1.8.0.15~pre080614h.orig.tar.gz
stable/main/binary-amd64/libxul0d_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/binary-amd64/libnss3-tools_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/binary-amd64/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/binary-all/libnspr4-dev_1.8.0.15~pre080614h-0etch1_all.deb
stable/main/binary-amd64/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/binary-all/libnss3-dev_1.8.0.15~pre080614h-0etch1_all.deb
stable/main/binary-all/libxul-common_1.8.0.15~pre080614h-0etch1_all.deb
stable/main/binary-all/libsmjs1_1.8.0.15~pre080614h-0etch1_all.deb
stable/main/binary-all/libxul-dev_1.8.0.15~pre080614h-0etch1_all.deb
stable/main/binary-amd64/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/binary-all/libmozjs-dev_1.8.0.15~pre080614h-0etch1_all.deb
stable/main/binary-all/libmozillainterfaces-java_1.8.0.15~pre080614h-0etch1_all.deb
stable/main/binary-amd64/libmozjs0d_1.8.0.15~pre080614h-0etch1_amd64.deb
stable/main/source/xulrunner_1.8.0.15~pre080614h-0etch1.dsc
stable/main/binary-amd64/python-xpcom_1.8.0.15~pre080614h-0etch1_amd64.deb

xulrunner (1.8.0.15~pre080614h-0etch1) stable-security; urgency=low

  [ Alexander Sack ]
  * New security/stability upstream release (backports for 2.0.0.17 + 2.0.0.18)
  * Upstream advisories (v2.0.0.17):
     MFSA 2008-37 aka CVE-2008-0016 - UTF-8 URL stack buffer overflow
     MFSA 2008-38 aka CVE-2008-3835 - nsXMLDocument::OnChannelRedirect() same-origin violation
     MFSA 2008-40 aka CVE-2008-3837 - Forced mouse drag
     MFSA 2008-41 aka CVE-2008-4058 - XPCnativeWrapper pollution
     MFSA 2008-41 aka CVE-2008-4059 - XPCnativeWrapper pollution (Firefox 2)
     MFSA 2008-41 aka CVE-2008-4060 - Documents without script handling objects
     MFSA 2008-42 aka CVE-2008-4061 - Crashes with evidence of corruption; layout (rv:1.8.1.17)
     MFSA 2008-42 aka CVE-2008-4062 - Crashes with evidence of corruption; javascript (rv:1.8.1.17)
     MFSA 2008-43 aka CVE-2008-4065 - Stripped BOM characters
     MFSA 2008-43 aka CVE-2008-4066 - HTML escaped low surrogates bug
     MFSA 2008-44 aka CVE-2008-4067 - resource: traversal vulnerabilities (a)
     MFSA 2008-44 aka CVE-2008-4068 - resource: traversal vulnerabilities (b)
     MFSA 2008-45 aka CVE-2008-4069 - XBM image uninitialized memory reading
  * Upstream advisories (v2.0.0.18):
     MFSA 2008-47 aka CVE-2008-4582 - Information stealing via local shortcut files
     MFSA 2008-48 aka CVE-2008-5012 - Image stealing via canvas and HTTP redirect
     MFSA 2008-49 aka CVE-2008-5013 - Arbitrary code execution via Flash Player dynamic module unloading
     MFSA 2008-50 aka CVE-2008-5014 - Crash and remote code execution via __proto__ tampering
     MFSA 2008-52 aka CVE-2008-5017 - browser engine crashes with memory corruption (rv:1.8.1.18)
     MFSA 2008-52 aka CVE-2008-5018 - javascript engine crashes with memory corruption (rv:1.8.1.18)
     MFSA 2008-54 aka CVE-2008-0017 - Buffer overflow in http-index-format parser
     MFSA 2008-55 aka CVE-2008-5021 - Crash and remote code execution in nsFrameManager
     MFSA 2008-56 aka CVE-2008-5022 - nsXMLHttpRequest::NotifyEventListeners() same-origin violation
     MFSA 2008-57 aka CVE-2008-5023 - -moz-binding property bypasses security checks on codebase principals
     MFSA 2008-58 aka CVE-2008-5024 - Parsing error in E4X default namespace

stable/main/binary-sparc/tethereal_0.99.4-5.etch.3_sparc.deb
stable/main/binary-sparc/ethereal_0.99.4-5.etch.3_sparc.deb
stable/main/binary-sparc/tshark_0.99.4-5.etch.3_sparc.deb stable/main/binary-sparc/wireshark_0.99.4-5.etch.3_sparc.deb stable/main/binary-sparc/wireshark-dev_0.99.4-5.etch.3_sparc.deb stable/main/binary-sparc/ethereal-common_0.99.4-5.etch.3_sparc.deb stable/main/binary-sparc/ethereal-dev_0.99.4-5.etch.3_sparc.deb stable/main/binary-sparc/wireshark-common_0.99.4-5.etch.3_sparc.deb wireshark (0.99.4-5.etch.3) stable-security; urgency=high * Backport further security fixes: * CVE-2008-4683, CVE-2008-4684, CVE-2008-4685 and a backport of have_postdissector(), which is needed for the fixes * CVE-2008-3933 * CVE-2008-3145 * CVE-2008-3141 * CVE-2008-3138 * CVE-2008-3137 stable/main/binary-s390/ethereal-common_0.99.4-5.etch.3_s390.deb stable/main/binary-s390/ethereal-dev_0.99.4-5.etch.3_s390.deb stable/main/binary-s390/tshark_0.99.4-5.etch.3_s390.deb stable/main/binary-s390/wireshark-common_0.99.4-5.etch.3_s390.deb stable/main/binary-s390/tethereal_0.99.4-5.etch.3_s390.deb stable/main/binary-s390/ethereal_0.99.4-5.etch.3_s390.deb stable/main/binary-s390/wireshark_0.99.4-5.etch.3_s390.deb stable/main/binary-s390/wireshark-dev_0.99.4-5.etch.3_s390.deb wireshark (0.99.4-5.etch.3) stable-security; urgency=high * Backport further security fixes: * CVE-2008-4683, CVE-2008-4684, CVE-2008-4685 and a backport of have_postdissector(), which is needed for the fixes * CVE-2008-3933 * CVE-2008-3145 * CVE-2008-3141 * CVE-2008-3138 * CVE-2008-3137 stable/main/binary-powerpc/wireshark-dev_0.99.4-5.etch.3_powerpc.deb stable/main/binary-powerpc/tethereal_0.99.4-5.etch.3_powerpc.deb stable/main/binary-powerpc/wireshark_0.99.4-5.etch.3_powerpc.deb stable/main/binary-powerpc/ethereal-dev_0.99.4-5.etch.3_powerpc.deb stable/main/binary-powerpc/tshark_0.99.4-5.etch.3_powerpc.deb stable/main/binary-powerpc/wireshark-common_0.99.4-5.etch.3_powerpc.deb stable/main/binary-powerpc/ethereal-common_0.99.4-5.etch.3_powerpc.deb stable/main/binary-powerpc/ethereal_0.99.4-5.etch.3_powerpc.deb wireshark 
(0.99.4-5.etch.3) stable-security; urgency=high * Backport further security fixes: * CVE-2008-4683, CVE-2008-4684, CVE-2008-4685 and a backport of have_postdissector(), which is needed for the fixes * CVE-2008-3933 * CVE-2008-3145 * CVE-2008-3141 * CVE-2008-3138 * CVE-2008-3137 stable/main/binary-mipsel/tshark_0.99.4-5.etch.3_mipsel.deb stable/main/binary-mipsel/ethereal_0.99.4-5.etch.3_mipsel.deb stable/main/binary-mipsel/wireshark-common_0.99.4-5.etch.3_mipsel.deb stable/main/binary-mipsel/tethereal_0.99.4-5.etch.3_mipsel.deb stable/main/binary-mipsel/ethereal-dev_0.99.4-5.etch.3_mipsel.deb stable/main/binary-mipsel/wireshark_0.99.4-5.etch.3_mipsel.deb stable/main/binary-mipsel/wireshark-dev_0.99.4-5.etch.3_mipsel.deb stable/main/binary-mipsel/ethereal-common_0.99.4-5.etch.3_mipsel.deb wireshark (0.99.4-5.etch.3) stable-security; urgency=high * Backport further security fixes: * CVE-2008-4683, CVE-2008-4684, CVE-2008-4685 and a backport of have_postdissector(), which is needed for the fixes * CVE-2008-3933 * CVE-2008-3145 * CVE-2008-3141 * CVE-2008-3138 * CVE-2008-3137 stable/main/binary-mips/tshark_0.99.4-5.etch.3_mips.deb stable/main/binary-mips/wireshark-common_0.99.4-5.etch.3_mips.deb stable/main/binary-mips/wireshark_0.99.4-5.etch.3_mips.deb stable/main/binary-mips/ethereal-dev_0.99.4-5.etch.3_mips.deb stable/main/binary-mips/ethereal-common_0.99.4-5.etch.3_mips.deb stable/main/binary-mips/ethereal_0.99.4-5.etch.3_mips.deb stable/main/binary-mips/wireshark-dev_0.99.4-5.etch.3_mips.deb stable/main/binary-mips/tethereal_0.99.4-5.etch.3_mips.deb wireshark (0.99.4-5.etch.3) stable-security; urgency=high * Backport further security fixes: * CVE-2008-4683, CVE-2008-4684, CVE-2008-4685 and a backport of have_postdissector(), which is needed for the fixes * CVE-2008-3933 * CVE-2008-3145 * CVE-2008-3141 * CVE-2008-3138 * CVE-2008-3137 stable/main/binary-ia64/ethereal-common_0.99.4-5.etch.3_ia64.deb stable/main/binary-ia64/tshark_0.99.4-5.etch.3_ia64.deb 
stable/main/binary-ia64/ethereal-dev_0.99.4-5.etch.3_ia64.deb stable/main/binary-ia64/wireshark-common_0.99.4-5.etch.3_ia64.deb stable/main/binary-ia64/ethereal_0.99.4-5.etch.3_ia64.deb stable/main/binary-ia64/wireshark_0.99.4-5.etch.3_ia64.deb stable/main/binary-ia64/tethereal_0.99.4-5.etch.3_ia64.deb stable/main/binary-ia64/wireshark-dev_0.99.4-5.etch.3_ia64.deb wireshark (0.99.4-5.etch.3) stable-security; urgency=high * Backport further security fixes: * CVE-2008-4683, CVE-2008-4684, CVE-2008-4685 and a backport of have_postdissector(), which is needed for the fixes * CVE-2008-3933 * CVE-2008-3145 * CVE-2008-3141 * CVE-2008-3138 * CVE-2008-3137 stable/main/binary-hppa/ethereal-common_0.99.4-5.etch.3_hppa.deb stable/main/binary-hppa/ethereal-dev_0.99.4-5.etch.3_hppa.deb stable/main/binary-hppa/tethereal_0.99.4-5.etch.3_hppa.deb stable/main/binary-hppa/wireshark-common_0.99.4-5.etch.3_hppa.deb stable/main/binary-hppa/tshark_0.99.4-5.etch.3_hppa.deb stable/main/binary-hppa/ethereal_0.99.4-5.etch.3_hppa.deb stable/main/binary-hppa/wireshark_0.99.4-5.etch.3_hppa.deb stable/main/binary-hppa/wireshark-dev_0.99.4-5.etch.3_hppa.deb wireshark (0.99.4-5.etch.3) stable-security; urgency=high * Backport further security fixes: * CVE-2008-4683, CVE-2008-4684, CVE-2008-4685 and a backport of have_postdissector(), which is needed for the fixes * CVE-2008-3933 * CVE-2008-3145 * CVE-2008-3141 * CVE-2008-3138 * CVE-2008-3137 stable/main/binary-arm/wireshark-common_0.99.4-5.etch.3_arm.deb stable/main/binary-arm/tethereal_0.99.4-5.etch.3_arm.deb stable/main/binary-arm/ethereal-common_0.99.4-5.etch.3_arm.deb stable/main/binary-arm/wireshark_0.99.4-5.etch.3_arm.deb stable/main/binary-arm/ethereal-dev_0.99.4-5.etch.3_arm.deb stable/main/binary-arm/ethereal_0.99.4-5.etch.3_arm.deb stable/main/binary-arm/wireshark-dev_0.99.4-5.etch.3_arm.deb stable/main/binary-arm/tshark_0.99.4-5.etch.3_arm.deb wireshark (0.99.4-5.etch.3) stable-security; urgency=high * Backport further security fixes: * 
CVE-2008-4683, CVE-2008-4684, CVE-2008-4685 and a backport of have_postdissector(), which is needed for the fixes * CVE-2008-3933 * CVE-2008-3145 * CVE-2008-3141 * CVE-2008-3138 * CVE-2008-3137 stable/main/binary-amd64/wireshark-dev_0.99.4-5.etch.3_amd64.deb stable/main/binary-amd64/wireshark_0.99.4-5.etch.3_amd64.deb stable/main/binary-amd64/ethereal_0.99.4-5.etch.3_amd64.deb stable/main/binary-amd64/wireshark-common_0.99.4-5.etch.3_amd64.deb stable/main/binary-amd64/tshark_0.99.4-5.etch.3_amd64.deb stable/main/binary-amd64/ethereal-dev_0.99.4-5.etch.3_amd64.deb stable/main/binary-amd64/tethereal_0.99.4-5.etch.3_amd64.deb stable/main/binary-amd64/ethereal-common_0.99.4-5.etch.3_amd64.deb wireshark (0.99.4-5.etch.3) stable-security; urgency=high * Backport further security fixes: * CVE-2008-4683, CVE-2008-4684, CVE-2008-4685 and a backport of have_postdissector(), which is needed for the fixes * CVE-2008-3933 * CVE-2008-3145 * CVE-2008-3141 * CVE-2008-3138 * CVE-2008-3137 stable/main/binary-alpha/tethereal_0.99.4-5.etch.3_alpha.deb stable/main/binary-alpha/ethereal-common_0.99.4-5.etch.3_alpha.deb stable/main/binary-alpha/wireshark-common_0.99.4-5.etch.3_alpha.deb stable/main/binary-alpha/tshark_0.99.4-5.etch.3_alpha.deb stable/main/binary-alpha/ethereal_0.99.4-5.etch.3_alpha.deb stable/main/binary-alpha/wireshark-dev_0.99.4-5.etch.3_alpha.deb stable/main/binary-alpha/ethereal-dev_0.99.4-5.etch.3_alpha.deb stable/main/binary-alpha/wireshark_0.99.4-5.etch.3_alpha.deb wireshark (0.99.4-5.etch.3) stable-security; urgency=high * Backport further security fixes: * CVE-2008-4683, CVE-2008-4684, CVE-2008-4685 and a backport of have_postdissector(), which is needed for the fixes * CVE-2008-3933 * CVE-2008-3145 * CVE-2008-3141 * CVE-2008-3138 * CVE-2008-3137 stable/main/source/wireshark_0.99.4-5.etch.3.dsc stable/main/binary-i386/wireshark-dev_0.99.4-5.etch.3_i386.deb stable/main/binary-i386/wireshark_0.99.4-5.etch.3_i386.deb 
stable/main/binary-i386/ethereal_0.99.4-5.etch.3_i386.deb stable/main/binary-i386/wireshark-common_0.99.4-5.etch.3_i386.deb stable/main/binary-i386/ethereal-common_0.99.4-5.etch.3_i386.deb stable/main/source/wireshark_0.99.4-5.etch.3.diff.gz stable/main/binary-i386/tshark_0.99.4-5.etch.3_i386.deb stable/main/binary-i386/tethereal_0.99.4-5.etch.3_i386.deb stable/main/binary-i386/ethereal-dev_0.99.4-5.etch.3_i386.deb wireshark (0.99.4-5.etch.3) stable-security; urgency=high * Backport further security fixes: * CVE-2008-4683, CVE-2008-4684, CVE-2008-4685 and a backport of have_postdissector(), which is needed for the fixes * CVE-2008-3933 * CVE-2008-3145 * CVE-2008-3141 * CVE-2008-3138 * CVE-2008-3137 stable/main/source/websvn_1.61-21.dsc stable/main/source/websvn_1.61-21.diff.gz stable/main/binary-all/websvn_1.61-21_all.deb websvn (1.61-21) stable; urgency=high * Security: fix potential PHP code execution due to unsafe use of preg_replace (Closes: #503330) stable/main/binary-i386/user-mode-linux_2.6.18-1um-2etch.23etch1_i386.deb stable/main/source/user-mode-linux_2.6.18-1um-2etch.23etch1.diff.gz stable/main/source/user-mode-linux_2.6.18-1um-2etch.23etch1.dsc user-mode-linux (2.6.18-1um-2etch.23etch1) stable-security; urgency=high * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-23etch1: * Fix missing boundary checks in syscall/syscall32_nopage(): - bugfix/add-install_special_mapping.patch - bugfix/i386-vdso-use_install_special_mapping.patch - bugfix/x86_64-ia32-vDSO-use-install_special_mapping.patch - features/all/xen/vdso-use_install_special_mapping.patch See CVE-2008-3527 * Modify feature patches to apply on top of the fixes for CVE-2008-3527: - features/all/vserver/vs2.0.2.2-rc9.patch - features/all/xen/fedora-2.6.18-36186.patch - features/all/xen/vserver-update.patch * Don't allow splicing to files opened with O_APPEND: - bugfix/dont-allow-splice-to-files-opened-with-O_APPEND.patch See CVE-2008-4554 * Avoid printk floods when reading corrupted ext[2,3] 
directories - bugfix/ext2-avoid-corrupted-directory-printk-floods.patch - bugfix/ext3-avoid-corrupted-directory-printk-floods.patch See CVE-2008-3528 * Fix oops in SCTP - bugfix/sctp-fix-oops-when-INIT-ACK-indicates-that-peer-doesnt-support-AUTH.patch See CVE-2008-4576 * Fix buffer overflow in hfsplus - bugfix/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch See CVE-2008-4933 * Fix BUG() in hfsplus - bugfix/hfsplus-check_read_mapping_page-return-value.patch See CVE-2008-4934 * Fix stack corruption in hfs - bugfix/hfs-fix-namelength-memory-corruption.patch See CVE-2008-5025 * Fix recursive descent in __scm_destroy - bugfix/af_unix-fix-garbage-collector-races.patch - bugfix/af_unix-convert-socks-to-unix_socks.patch - bugfix/net-unix-fix-inflight-counting-bug-in-garbage-collector.patch - bugfix/net-fix-recursive-descent-in-__scm_destroy.patch See CVE-2008-5029 * Make sendmsg() block during UNIX garbage collection: - bugfix/net-unix-gc-fix-soft-lockups-oom-issues.patch See CVE-2008-5300 * Fix DoS when calling svc_listen twice on the same socket while reading /proc/net/atm/*vc: - bugfix/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch See CVE-2008-5079 * Fix race conditions between inotify removal and umount - bugfix/inotify-watch-removal-umount-races.patch See CVE-2008-5182 stable/main/binary-all/tdiary-plugin_2.0.2+20060303-6_all.deb stable/main/binary-all/tdiary_2.0.2+20060303-6_all.deb stable/main/source/tdiary_2.0.2+20060303-6.dsc stable/main/source/tdiary_2.0.2+20060303-6.diff.gz stable/main/binary-all/tdiary-contrib_2.0.2+20060303-6_all.deb stable/main/binary-all/tdiary-mode_2.0.2+20060303-6_all.deb stable/main/binary-all/tdiary-theme_2.0.2+20060303-6_all.deb tdiary (2.0.2+20060303-6) stable-security; urgency=low * Added debian/patches/20_xss_category.dpatch: Fixed a Cross Site Scripting (XSS) vulnerability, where any scripts may be embedded in "Category" pages generated by the category.rb plugin. 
(Closes: #464778) stable/main/binary-sparc/streamripper_1.61.27-1+etch1_sparc.deb streamripper (1.61.27-1+etch1) stable-security; urgency=high * Fix buffer overflows in HTTP header parsing (CVE-2007-4337). * Fix more buffer overflows in HTTP header and playlist parsing (CVE-2008-4829). stable/main/binary-s390/streamripper_1.61.27-1+etch1_s390.deb streamripper (1.61.27-1+etch1) stable-security; urgency=high * Fix buffer overflows in HTTP header parsing (CVE-2007-4337). * Fix more buffer overflows in HTTP header and playlist parsing (CVE-2008-4829). stable/main/binary-powerpc/streamripper_1.61.27-1+etch1_powerpc.deb streamripper (1.61.27-1+etch1) stable-security; urgency=high * Fix buffer overflows in HTTP header parsing (CVE-2007-4337). * Fix more buffer overflows in HTTP header and playlist parsing (CVE-2008-4829). stable/main/binary-mipsel/streamripper_1.61.27-1+etch1_mipsel.deb streamripper (1.61.27-1+etch1) stable-security; urgency=high * Fix buffer overflows in HTTP header parsing (CVE-2007-4337). * Fix more buffer overflows in HTTP header and playlist parsing (CVE-2008-4829). stable/main/binary-mips/streamripper_1.61.27-1+etch1_mips.deb streamripper (1.61.27-1+etch1) stable-security; urgency=high * Fix buffer overflows in HTTP header parsing (CVE-2007-4337). * Fix more buffer overflows in HTTP header and playlist parsing (CVE-2008-4829). stable/main/binary-ia64/streamripper_1.61.27-1+etch1_ia64.deb streamripper (1.61.27-1+etch1) stable-security; urgency=high * Fix buffer overflows in HTTP header parsing (CVE-2007-4337). * Fix more buffer overflows in HTTP header and playlist parsing (CVE-2008-4829). stable/main/binary-i386/streamripper_1.61.27-1+etch1_i386.deb streamripper (1.61.27-1+etch1) stable-security; urgency=high * Fix buffer overflows in HTTP header parsing (CVE-2007-4337). * Fix more buffer overflows in HTTP header and playlist parsing (CVE-2008-4829).
stable/main/binary-hppa/streamripper_1.61.27-1+etch1_hppa.deb streamripper (1.61.27-1+etch1) stable-security; urgency=high * Fix buffer overflows in HTTP header parsing (CVE-2007-4337). * Fix more buffer overflows in HTTP header and playlist parsing (CVE-2008-4829). stable/main/binary-arm/streamripper_1.61.27-1+etch1_arm.deb streamripper (1.61.27-1+etch1) stable-security; urgency=high * Fix buffer overflows in HTTP header parsing (CVE-2007-4337). * Fix more buffer overflows in HTTP header and playlist parsing (CVE-2008-4829). stable/main/binary-alpha/streamripper_1.61.27-1+etch1_alpha.deb streamripper (1.61.27-1+etch1) stable-security; urgency=high * Fix buffer overflows in HTTP header parsing (CVE-2007-4337). * Fix more buffer overflows in HTTP header and playlist parsing (CVE-2008-4829). stable/main/source/streamripper_1.61.27-1+etch1.diff.gz stable/main/binary-amd64/streamripper_1.61.27-1+etch1_amd64.deb stable/main/source/streamripper_1.61.27-1+etch1.dsc streamripper (1.61.27-1+etch1) stable-security; urgency=high * Fix buffer overflows in HTTP header parsing (CVE-2007-4337). * Fix more buffer overflows in HTTP header and playlist parsing (CVE-2008-4829). stable/main/source/squirrelmail_1.4.9a-3.diff.gz stable/main/binary-all/squirrelmail_1.4.9a-3_all.deb stable/main/source/squirrelmail_1.4.9a-3.dsc squirrelmail (2:1.4.9a-3) stable-security; urgency=high * Fix cross site scripting in HTML filter [CVE-2008-2379]. stable/main/binary-sparc/spamc_3.1.7-2etch1_sparc.deb spamassassin (3.1.7-2etch1) stable-proposed-updates; urgency=high * Security fix: - CVE-2007-2873: Possible symlink attack with spamd under certain (uncommon) configurations. (See http://spamassassin.apache.org/advisories/cve-2007-2873.txt) * Remove DSBL and SECURITYSAGE blacklists, since they don't exist anymore and bad things happen when they're queried.
(Closes: #505162) * - stable/main/binary-s390/spamc_3.1.7-2etch1_s390.deb spamassassin (3.1.7-2etch1) stable-proposed-updates; urgency=high * Security fix: - CVE-2007-2873: Possible symlink attack with spamd under certain (uncommon) configurations. (See http://spamassassin.apache.org/advisories/cve-2007-2873.txt) * Remove DSBL and SECURITYSAGE blacklists, since they don't exist anymore and bad things happen when they're queried. (Closes: #505162) * - stable/main/binary-powerpc/spamc_3.1.7-2etch1_powerpc.deb spamassassin (3.1.7-2etch1) stable-proposed-updates; urgency=high * Security fix: - CVE-2007-2873: Possible symlink attack with spamd under certain (uncommon) configurations. (See http://spamassassin.apache.org/advisories/cve-2007-2873.txt) * Remove DSBL and SECURITYSAGE blacklists, since they don't exist anymore and bad things happen when they're queried. (Closes: #505162) * - stable/main/binary-mipsel/spamc_3.1.7-2etch1_mipsel.deb spamassassin (3.1.7-2etch1) stable-proposed-updates; urgency=high * Security fix: - CVE-2007-2873: Possible symlink attack with spamd under certain (uncommon) configurations. (See http://spamassassin.apache.org/advisories/cve-2007-2873.txt) * Remove DSBL and SECURITYSAGE blacklists, since they don't exist anymore and bad things happen when they're queried. (Closes: #505162) * - stable/main/binary-mips/spamc_3.1.7-2etch1_mips.deb spamassassin (3.1.7-2etch1) stable-proposed-updates; urgency=high * Security fix: - CVE-2007-2873: Possible symlink attack with spamd under certain (uncommon) configurations. (See http://spamassassin.apache.org/advisories/cve-2007-2873.txt) * Remove DSBL and SECURITYSAGE blacklists, since they don't exist anymore and bad things happen when they're queried. (Closes: #505162) * - stable/main/binary-ia64/spamc_3.1.7-2etch1_ia64.deb spamassassin (3.1.7-2etch1) stable-proposed-updates; urgency=high * Security fix: - CVE-2007-2873: Possible symlink attack with spamd under certain (uncommon) configurations.
(See http://spamassassin.apache.org/advisories/cve-2007-2873.txt) * Remove DSBL and SECURITYSAGE blacklists, since they don't exist anymore and bad things happen when they're queried. (Closes: #505162) * - stable/main/binary-hppa/spamc_3.1.7-2etch1_hppa.deb spamassassin (3.1.7-2etch1) stable-proposed-updates; urgency=high * Security fix: - CVE-2007-2873: Possible symlink attack with spamd under certain (uncommon) configurations. (See http://spamassassin.apache.org/advisories/cve-2007-2873.txt) * Remove DSBL and SECURITYSAGE blacklists, since they don't exist anymore and bad things happen when they're queried. (Closes: #505162) * - stable/main/binary-arm/spamc_3.1.7-2etch1_arm.deb spamassassin (3.1.7-2etch1) stable-proposed-updates; urgency=high * Security fix: - CVE-2007-2873: Possible symlink attack with spamd under certain (uncommon) configurations. (See http://spamassassin.apache.org/advisories/cve-2007-2873.txt) * Remove DSBL and SECURITYSAGE blacklists, since they don't exist anymore and bad things happen when they're queried. (Closes: #505162) * - stable/main/binary-amd64/spamc_3.1.7-2etch1_amd64.deb spamassassin (3.1.7-2etch1) stable-proposed-updates; urgency=high * Security fix: - CVE-2007-2873: Possible symlink attack with spamd under certain (uncommon) configurations. (See http://spamassassin.apache.org/advisories/cve-2007-2873.txt) * Remove DSBL and SECURITYSAGE blacklists, since they don't exist anymore and bad things happen when they're queried. (Closes: #505162) * - stable/main/binary-alpha/spamc_3.1.7-2etch1_alpha.deb spamassassin (3.1.7-2etch1) stable-proposed-updates; urgency=high * Security fix: - CVE-2007-2873: Possible symlink attack with spamd under certain (uncommon) configurations. (See http://spamassassin.apache.org/advisories/cve-2007-2873.txt) * Remove DSBL and SECURITYSAGE blacklists, since they don't exist anymore and bad things happen when they're queried. 
(Closes: #505162) * - stable/main/binary-all/spamassassin_3.1.7-2etch1_all.deb stable/main/binary-i386/spamc_3.1.7-2etch1_i386.deb stable/main/source/spamassassin_3.1.7-2etch1.dsc stable/main/source/spamassassin_3.1.7-2etch1.diff.gz spamassassin (3.1.7-2etch1) stable-proposed-updates; urgency=high * Security fix: - CVE-2007-2873: Possible symlink attack with spamd under certain (uncommon) configurations. (See http://spamassassin.apache.org/advisories/cve-2007-2873.txt) * Remove DSBL and SECURITYSAGE blacklists, since they don't exist anymore and bad things happen when they're queried. (Closes: #505162) * - stable/main/source/reportbug_3.31+etch1.tar.gz stable/main/source/reportbug_3.31+etch1.dsc stable/main/binary-all/reportbug_3.31+etch1_all.deb reportbug (3.31+etch1) stable; urgency=low * debian/control - added me to uploaders (to avoid NMU) * adapting Don Armstrong's patch to use reportbug.debian.org MX instead of bugs.debian.org stable/main/binary-powerpc/qemu_0.8.2-4etch2_powerpc.deb qemu (0.8.2-4etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Fix insecure symlink handling in debian/qemu-make-debian-root, which could lead to a DoS Fixes: CVE-2008-4553 stable/main/binary-amd64/qemu_0.8.2-4etch2_amd64.deb qemu (0.8.2-4etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Fix insecure symlink handling in debian/qemu-make-debian-root, which could lead to a DoS Fixes: CVE-2008-4553 stable/main/binary-i386/qemu_0.8.2-4etch2_i386.deb stable/main/source/qemu_0.8.2-4etch2.dsc stable/main/source/qemu_0.8.2-4etch2.diff.gz qemu (0.8.2-4etch2) stable-security; urgency=high * Non-maintainer upload by the security team * Fix insecure symlink handling in debian/qemu-make-debian-root, which could lead to a DoS Fixes: CVE-2008-4553 stable/main/binary-sparc/python2.4_2.4.4-3+etch2_sparc.deb stable/main/binary-sparc/python2.4-minimal_2.4.4-3+etch2_sparc.deb 
stable/main/binary-sparc/python2.4-dev_2.4.4-3+etch2_sparc.deb stable/main/binary-sparc/python2.4-dbg_2.4.4-3+etch2_sparc.deb python2.4 (2.4.4-3+etch2) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2008-2315_3142_3143_3144.dpatch stable/main/binary-s390/python2.4_2.4.4-3+etch2_s390.deb stable/main/binary-s390/python2.4-minimal_2.4.4-3+etch2_s390.deb stable/main/binary-s390/python2.4-dbg_2.4.4-3+etch2_s390.deb stable/main/binary-s390/python2.4-dev_2.4.4-3+etch2_s390.deb python2.4 (2.4.4-3+etch2) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2008-2315_3142_3143_3144.dpatch stable/main/binary-powerpc/python2.4-dbg_2.4.4-3+etch2_powerpc.deb stable/main/binary-powerpc/python2.4_2.4.4-3+etch2_powerpc.deb stable/main/binary-powerpc/python2.4-dev_2.4.4-3+etch2_powerpc.deb stable/main/binary-powerpc/python2.4-minimal_2.4.4-3+etch2_powerpc.deb python2.4 (2.4.4-3+etch2) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2008-2315_3142_3143_3144.dpatch stable/main/binary-mipsel/python2.4_2.4.4-3+etch2_mipsel.deb stable/main/binary-mipsel/python2.4-dev_2.4.4-3+etch2_mipsel.deb stable/main/binary-mipsel/python2.4-dbg_2.4.4-3+etch2_mipsel.deb stable/main/binary-mipsel/python2.4-minimal_2.4.4-3+etch2_mipsel.deb python2.4 (2.4.4-3+etch2) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2008-2315_3142_3143_3144.dpatch stable/main/binary-mips/python2.4-dbg_2.4.4-3+etch2_mips.deb stable/main/binary-mips/python2.4-minimal_2.4.4-3+etch2_mips.deb stable/main/binary-mips/python2.4-dev_2.4.4-3+etch2_mips.deb stable/main/binary-mips/python2.4_2.4.4-3+etch2_mips.deb python2.4 (2.4.4-3+etch2) stable-security; urgency=high * Non-maintainer upload by the Security Team. 
* CVE-2008-2315_3142_3143_3144.dpatch stable/main/binary-ia64/python2.4_2.4.4-3+etch2_ia64.deb stable/main/binary-ia64/python2.4-dev_2.4.4-3+etch2_ia64.deb stable/main/binary-ia64/python2.4-dbg_2.4.4-3+etch2_ia64.deb stable/main/binary-ia64/python2.4-minimal_2.4.4-3+etch2_ia64.deb python2.4 (2.4.4-3+etch2) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2008-2315_3142_3143_3144.dpatch stable/main/binary-hppa/python2.4-minimal_2.4.4-3+etch2_hppa.deb stable/main/binary-hppa/python2.4_2.4.4-3+etch2_hppa.deb stable/main/binary-hppa/python2.4-dev_2.4.4-3+etch2_hppa.deb stable/main/binary-hppa/python2.4-dbg_2.4.4-3+etch2_hppa.deb python2.4 (2.4.4-3+etch2) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2008-2315_3142_3143_3144.dpatch stable/main/binary-arm/python2.4_2.4.4-3+etch2_arm.deb stable/main/binary-arm/python2.4-minimal_2.4.4-3+etch2_arm.deb stable/main/binary-arm/python2.4-dbg_2.4.4-3+etch2_arm.deb stable/main/binary-arm/python2.4-dev_2.4.4-3+etch2_arm.deb python2.4 (2.4.4-3+etch2) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2008-2315_3142_3143_3144.dpatch stable/main/binary-amd64/python2.4-minimal_2.4.4-3+etch2_amd64.deb stable/main/binary-amd64/python2.4_2.4.4-3+etch2_amd64.deb stable/main/binary-amd64/python2.4-dbg_2.4.4-3+etch2_amd64.deb stable/main/binary-amd64/python2.4-dev_2.4.4-3+etch2_amd64.deb python2.4 (2.4.4-3+etch2) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2008-2315_3142_3143_3144.dpatch stable/main/binary-alpha/python2.4-minimal_2.4.4-3+etch2_alpha.deb stable/main/binary-alpha/python2.4_2.4.4-3+etch2_alpha.deb stable/main/binary-alpha/python2.4-dev_2.4.4-3+etch2_alpha.deb stable/main/binary-alpha/python2.4-dbg_2.4.4-3+etch2_alpha.deb python2.4 (2.4.4-3+etch2) stable-security; urgency=high * Non-maintainer upload by the Security Team. 
* CVE-2008-2315_3142_3143_3144.dpatch stable/main/source/python2.4_2.4.4-3+etch2.diff.gz stable/main/binary-i386/python2.4-dev_2.4.4-3+etch2_i386.deb stable/main/source/python2.4_2.4.4-3+etch2.dsc stable/main/binary-i386/python2.4-minimal_2.4.4-3+etch2_i386.deb stable/main/binary-i386/python2.4_2.4.4-3+etch2_i386.deb stable/main/binary-all/idle-python2.4_2.4.4-3+etch2_all.deb stable/main/binary-all/python2.4-examples_2.4.4-3+etch2_all.deb stable/main/binary-i386/python2.4-dbg_2.4.4-3+etch2_i386.deb python2.4 (2.4.4-3+etch2) stable-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2008-2315_3142_3143_3144.dpatch stable/main/binary-sparc/postgresql-client-8.1_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/postgresql-pltcl-8.1_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/libpgtypes2_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/libecpg-dev_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/postgresql-server-dev-8.1_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/postgresql-8.1_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/postgresql-plpython-8.1_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/postgresql-contrib-8.1_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/libpq-dev_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/postgresql-plperl-8.1_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/libecpg5_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/libpq4_8.1.15-0etch1_sparc.deb stable/main/binary-sparc/libecpg-compat2_8.1.15-0etch1_sparc.deb postgresql-8.1 (8.1.15-0etch1) stable; urgency=low * New upstream bugfix release 8.1.15: - Fix GiST index corruption due to marking the wrong index entry "dead" after a deletion. This would result in index searches failing to find rows they should have found. - Fix backend crash when the client encoding cannot represent a localized error message. - Fix possible crash when deeply nested functions are invoked from a trigger. 
- Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list. The usual symptom of this problem is an "unrecognized node type" error. - Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function. - Prevent possible collision of relfilenode numbers when moving a table to another tablespace with "ALTER SET TABLESPACE". The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. - Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE ROLE". - Fix recent breakage of pg_ctl restart. * New upstream bugfix release 8.1.14: - Widen local lock counters from 32 to 64 bits. This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected "lock is already held" errors. - Fix possible duplicate output of tuples during a GiST index scan. - Add checks in executor startup to ensure that the tuples produced by an "INSERT" or "UPDATE" will match the target table's current rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. 
- Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly. The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted *only* abbreviations. - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner bug with nested sub-select expressions. If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. - Fix pg_ctl to properly preserve postmaster command-line arguments across a restart.
stable/main/binary-s390/postgresql-plperl-8.1_8.1.15-0etch1_s390.deb stable/main/binary-s390/postgresql-server-dev-8.1_8.1.15-0etch1_s390.deb stable/main/binary-s390/libpq-dev_8.1.15-0etch1_s390.deb stable/main/binary-s390/libpq4_8.1.15-0etch1_s390.deb stable/main/binary-s390/postgresql-contrib-8.1_8.1.15-0etch1_s390.deb stable/main/binary-s390/postgresql-plpython-8.1_8.1.15-0etch1_s390.deb stable/main/binary-s390/postgresql-pltcl-8.1_8.1.15-0etch1_s390.deb stable/main/binary-s390/postgresql-client-8.1_8.1.15-0etch1_s390.deb stable/main/binary-s390/libecpg-compat2_8.1.15-0etch1_s390.deb stable/main/binary-s390/postgresql-8.1_8.1.15-0etch1_s390.deb stable/main/binary-s390/libecpg5_8.1.15-0etch1_s390.deb stable/main/binary-s390/libpgtypes2_8.1.15-0etch1_s390.deb stable/main/binary-s390/libecpg-dev_8.1.15-0etch1_s390.deb postgresql-8.1 (8.1.15-0etch1) stable; urgency=low * New upstream bugfix release 8.1.15: - Fix GiST index corruption due to marking the wrong index entry "dead" after a deletion. This would result in index searches failing to find rows they should have found. - Fix backend crash when the client encoding cannot represent a localized error message. - Fix possible crash when deeply nested functions are invoked from a trigger. - Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list. The usual symptom of this problem is an "unrecognized node type" error. - Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function. - Prevent possible collision of relfilenode numbers when moving a table to another tablespace with "ALTER SET TABLESPACE". The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. 
- Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE ROLE". - Fix recent breakage of pg_ctl restart. * New upstream bugfix release 8.1.14: - Widen local lock counters from 32 to 64 bits. This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected "lock is already held" errors. - Fix possible duplicate output of tuples during a GiST index scan. - Add checks in executor startup to ensure that the tuples produced by an "INSERT" or "UPDATE" will match the target table's current rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. - Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly. The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted *only* abbreviations. - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner bug with nested sub-select expressions.
If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. - Fix pg_ctl to properly preserve postmaster command-line arguments across a restart. stable/main/binary-powerpc/postgresql-plperl-8.1_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-plpython-8.1_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-client-8.1_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-pltcl-8.1_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/libecpg-compat2_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/libecpg-dev_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-8.1_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/libpq4_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-server-dev-8.1_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/postgresql-contrib-8.1_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/libpq-dev_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/libpgtypes2_8.1.15-0etch1_powerpc.deb stable/main/binary-powerpc/libecpg5_8.1.15-0etch1_powerpc.deb postgresql-8.1 (8.1.15-0etch1) stable; urgency=low * New upstream bugfix release 8.1.15: - Fix GiST index corruption due to marking the wrong index entry "dead" after a deletion. This would result in index searches failing to find rows they should have found. - Fix backend crash when the client encoding cannot represent a localized error message. 
- Fix possible crash when deeply nested functions are invoked from a trigger. - Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list. The usual symptom of this problem is an "unrecognized node type" error. - Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function. - Prevent possible collision of relfilenode numbers when moving a table to another tablespace with "ALTER SET TABLESPACE". The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. - Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE ROLE". - Fix recent breakage of pg_ctl restart. * New upstream bugfix release 8.1.14: - Widen local lock counters from 32 to 64 bits. This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected "lock is already held" errors. - Fix possible duplicate output of tuples during a GiST index scan. - Add checks in executor startup to ensure that the tuples produced by an "INSERT" or "UPDATE" will match the target table's current rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. 
- Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly. The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted *only* abbreviations. - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner bug with nested sub-select expressions. If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. - Fix pg_ctl to properly preserve postmaster command-line arguments across a restart.
stable/main/binary-mipsel/libpq4_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/libecpg-dev_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-contrib-8.1_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/libpgtypes2_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-client-8.1_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-pltcl-8.1_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-plperl-8.1_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-plpython-8.1_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/libecpg5_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-8.1_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/libpq-dev_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/postgresql-server-dev-8.1_8.1.15-0etch1_mipsel.deb stable/main/binary-mipsel/libecpg-compat2_8.1.15-0etch1_mipsel.deb postgresql-8.1 (8.1.15-0etch1) stable; urgency=low * New upstream bugfix release 8.1.15: - Fix GiST index corruption due to marking the wrong index entry "dead" after a deletion. This would result in index searches failing to find rows they should have found. - Fix backend crash when the client encoding cannot represent a localized error message. - Fix possible crash when deeply nested functions are invoked from a trigger. - Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list. The usual symptom of this problem is an "unrecognized node type" error. - Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function. - Prevent possible collision of relfilenode numbers when moving a table to another tablespace with "ALTER SET TABLESPACE". The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. 
- Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE ROLE". - Fix recent breakage of pg_ctl restart. * New upstream bugfix release 8.1.14: - Widen local lock counters from 32 to 64 bits. This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected "lock is already held" errors. - Fix possible duplicate output of tuples during a GiST index scan. - Add checks in executor startup to ensure that the tuples produced by an "INSERT" or "UPDATE" will match the target table's current rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. - Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly. The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted *only* abbreviations. - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner bug with nested sub-select expressions.
If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. - Fix pg_ctl to properly preserve postmaster command-line arguments across a restart. stable/main/binary-mips/libpq4_8.1.15-0etch1_mips.deb stable/main/binary-mips/postgresql-plpython-8.1_8.1.15-0etch1_mips.deb stable/main/binary-mips/postgresql-8.1_8.1.15-0etch1_mips.deb stable/main/binary-mips/postgresql-server-dev-8.1_8.1.15-0etch1_mips.deb stable/main/binary-mips/postgresql-client-8.1_8.1.15-0etch1_mips.deb stable/main/binary-mips/postgresql-plperl-8.1_8.1.15-0etch1_mips.deb stable/main/binary-mips/postgresql-contrib-8.1_8.1.15-0etch1_mips.deb stable/main/binary-mips/libpgtypes2_8.1.15-0etch1_mips.deb stable/main/binary-mips/libecpg5_8.1.15-0etch1_mips.deb stable/main/binary-mips/libecpg-compat2_8.1.15-0etch1_mips.deb stable/main/binary-mips/libecpg-dev_8.1.15-0etch1_mips.deb stable/main/binary-mips/postgresql-pltcl-8.1_8.1.15-0etch1_mips.deb stable/main/binary-mips/libpq-dev_8.1.15-0etch1_mips.deb postgresql-8.1 (8.1.15-0etch1) stable; urgency=low * New upstream bugfix release 8.1.15 - Fix GiST index corruption due to marking the wrong index entry "dead" after a deletion. This would result in index searches failing to find rows they should have found. - Fix backend crash when the client encoding cannot represent a localized error message. - Fix possible crash when deeply nested functions are invoked from a trigger. 
- Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list. The usual symptom of this problem is an "unrecognized node type" error. - Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function. - Prevent possible collision of relfilenode numbers when moving a table to another tablespace with "ALTER SET TABLESPACE". The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. - Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE ROLE". - Fix recent breakage of pg_ctl restart. * New upstream bugfix release 8.1.14 - Widen local lock counters from 32 to 64 bits. This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected "lock is already held" errors. - Fix possible duplicate output of tuples during a GiST index scan. - Add checks in executor startup to ensure that the tuples produced by an "INSERT" or "UPDATE" will match the target table's current rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. 
- Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly. The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted *only* abbreviations. - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner bug with nested sub-select expressions. If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. - Fix pg_ctl to properly preserve postmaster command-line arguments across a restart.
stable/main/binary-ia64/postgresql-plperl-8.1_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/libecpg-compat2_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/postgresql-8.1_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/postgresql-server-dev-8.1_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/postgresql-plpython-8.1_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/libpq4_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/libecpg5_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/postgresql-pltcl-8.1_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/libpgtypes2_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/libpq-dev_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/postgresql-contrib-8.1_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/libecpg-dev_8.1.15-0etch1_ia64.deb stable/main/binary-ia64/postgresql-client-8.1_8.1.15-0etch1_ia64.deb postgresql-8.1 (8.1.15-0etch1) stable; urgency=low * New upstream bugfix release 8.1.15: - Fix GiST index corruption due to marking the wrong index entry "dead" after a deletion. This would result in index searches failing to find rows they should have found. - Fix backend crash when the client encoding cannot represent a localized error message. - Fix possible crash when deeply nested functions are invoked from a trigger. - Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list. The usual symptom of this problem is an "unrecognized node type" error. - Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function. - Prevent possible collision of relfilenode numbers when moving a table to another tablespace with "ALTER SET TABLESPACE". The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. 
- Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE ROLE". - Fix recent breakage of pg_ctl restart. * New upstream bugfix release 8.1.14: - Widen local lock counters from 32 to 64 bits. This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected "lock is already held" errors. - Fix possible duplicate output of tuples during a GiST index scan. - Add checks in executor startup to ensure that the tuples produced by an "INSERT" or "UPDATE" will match the target table's current rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. - Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly. The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted *only* abbreviations. - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner bug with nested sub-select expressions.
If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. - Fix pg_ctl to properly preserve postmaster command-line arguments across a restart. stable/main/binary-hppa/postgresql-client-8.1_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/libecpg5_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/libecpg-compat2_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/libpq4_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/postgresql-8.1_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/postgresql-plperl-8.1_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/postgresql-pltcl-8.1_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/libpgtypes2_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/postgresql-server-dev-8.1_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/postgresql-contrib-8.1_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/postgresql-plpython-8.1_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/libecpg-dev_8.1.15-0etch1_hppa.deb stable/main/binary-hppa/libpq-dev_8.1.15-0etch1_hppa.deb postgresql-8.1 (8.1.15-0etch1) stable; urgency=low * New upstream bugfix release 8.1.15: - Fix GiST index corruption due to marking the wrong index entry "dead" after a deletion. This would result in index searches failing to find rows they should have found. - Fix backend crash when the client encoding cannot represent a localized error message. - Fix possible crash when deeply nested functions are invoked from a trigger. 
- Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list. The usual symptom of this problem is an "unrecognized node type" error. - Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function. - Prevent possible collision of relfilenode numbers when moving a table to another tablespace with "ALTER SET TABLESPACE". The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. - Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE ROLE". - Fix recent breakage of pg_ctl restart. * New upstream bugfix release 8.1.14: - Widen local lock counters from 32 to 64 bits. This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected "lock is already held" errors. - Fix possible duplicate output of tuples during a GiST index scan. - Add checks in executor startup to ensure that the tuples produced by an "INSERT" or "UPDATE" will match the target table's current rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. 
- Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly. The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted *only* abbreviations. - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner bug with nested sub-select expressions. If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. - Fix pg_ctl to properly preserve postmaster command-line arguments across a restart.
stable/main/binary-arm/libpq-dev_8.1.15-0etch1_arm.deb stable/main/binary-arm/libpq4_8.1.15-0etch1_arm.deb stable/main/binary-arm/postgresql-contrib-8.1_8.1.15-0etch1_arm.deb stable/main/binary-arm/postgresql-plpython-8.1_8.1.15-0etch1_arm.deb stable/main/binary-arm/libecpg-compat2_8.1.15-0etch1_arm.deb stable/main/binary-arm/libecpg5_8.1.15-0etch1_arm.deb stable/main/binary-arm/postgresql-client-8.1_8.1.15-0etch1_arm.deb stable/main/binary-arm/libecpg-dev_8.1.15-0etch1_arm.deb stable/main/binary-arm/postgresql-server-dev-8.1_8.1.15-0etch1_arm.deb stable/main/binary-arm/postgresql-pltcl-8.1_8.1.15-0etch1_arm.deb stable/main/binary-arm/postgresql-plperl-8.1_8.1.15-0etch1_arm.deb stable/main/binary-arm/libpgtypes2_8.1.15-0etch1_arm.deb stable/main/binary-arm/postgresql-8.1_8.1.15-0etch1_arm.deb postgresql-8.1 (8.1.15-0etch1) stable; urgency=low * New upstream bugfix release 8.1.15: - Fix GiST index corruption due to marking the wrong index entry "dead" after a deletion. This would result in index searches failing to find rows they should have found. - Fix backend crash when the client encoding cannot represent a localized error message. - Fix possible crash when deeply nested functions are invoked from a trigger. - Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list. The usual symptom of this problem is an "unrecognized node type" error. - Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function. - Prevent possible collision of relfilenode numbers when moving a table to another tablespace with "ALTER SET TABLESPACE". The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. 
- Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE ROLE". - Fix recent breakage of pg_ctl restart. * New upstream bugfix release 8.1.14: - Widen local lock counters from 32 to 64 bits. This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected "lock is already held" errors. - Fix possible duplicate output of tuples during a GiST index scan. - Add checks in executor startup to ensure that the tuples produced by an "INSERT" or "UPDATE" will match the target table's current rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. - Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly. The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted *only* abbreviations. - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner bug with nested sub-select expressions.
If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. - Fix pg_ctl to properly preserve postmaster command-line arguments across a restart. stable/main/binary-amd64/libpgtypes2_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/libecpg-dev_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/postgresql-client-8.1_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/postgresql-pltcl-8.1_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/postgresql-server-dev-8.1_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/postgresql-contrib-8.1_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/postgresql-plperl-8.1_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/libpq4_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/postgresql-8.1_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/postgresql-plpython-8.1_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/libecpg-compat2_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/libpq-dev_8.1.15-0etch1_amd64.deb stable/main/binary-amd64/libecpg5_8.1.15-0etch1_amd64.deb postgresql-8.1 (8.1.15-0etch1) stable; urgency=low * New upstream bugfix release 8.1.15: - Fix GiST index corruption due to marking the wrong index entry "dead" after a deletion. This would result in index searches failing to find rows they should have found. - Fix backend crash when the client encoding cannot represent a localized error message. - Fix possible crash when deeply nested functions are invoked from a trigger. 
- Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list. The usual symptom of this problem is an "unrecognized node type" error. - Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function. - Prevent possible collision of relfilenode numbers when moving a table to another tablespace with "ALTER SET TABLESPACE". The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. - Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE ROLE". - Fix recent breakage of pg_ctl restart. * New upstream bugfix release 8.1.14: - Widen local lock counters from 32 to 64 bits. This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected "lock is already held" errors. - Fix possible duplicate output of tuples during a GiST index scan. - Add checks in executor startup to ensure that the tuples produced by an "INSERT" or "UPDATE" will match the target table's current rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. 
- Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly. The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted only abbreviations. - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner bug with nested sub-select expressions. If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. - Fix pg_ctl to properly preserve postmaster command-line arguments across a restart.
stable/main/binary-alpha/postgresql-plpython-8.1_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/libpq-dev_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/postgresql-client-8.1_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/postgresql-contrib-8.1_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/postgresql-server-dev-8.1_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/libecpg-compat2_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/libecpg-dev_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/libpq4_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/postgresql-8.1_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/libpgtypes2_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/postgresql-plperl-8.1_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/postgresql-pltcl-8.1_8.1.15-0etch1_alpha.deb stable/main/binary-alpha/libecpg5_8.1.15-0etch1_alpha.deb postgresql-8.1 (8.1.15-0etch1) stable; urgency=low * New upstream bugfix release 8.1.15: - Fix GiST index corruption due to marking the wrong index entry "dead" after a deletion. This would result in index searches failing to find rows they should have found. - Fix backend crash when the client encoding cannot represent a localized error message. - Fix possible crash when deeply nested functions are invoked from a trigger. - Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list. The usual symptom of this problem is an "unrecognized node type" error. - Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function. - Prevent possible collision of relfilenode numbers when moving a table to another tablespace with "ALTER SET TABLESPACE". The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. 
- Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE ROLE". - Fix recent breakage of pg_ctl restart. * New upstream bugfix release 8.1.14: - Widen local lock counters from 32 to 64 bits. This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected "lock is already held" errors. - Fix possible duplicate output of tuples during a GiST index scan. - Add checks in executor startup to ensure that the tuples produced by an "INSERT" or "UPDATE" will match the target table's current rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. - Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly. The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted only abbreviations. - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner bug with nested sub-select expressions.
If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. - Fix pg_ctl to properly preserve postmaster command-line arguments across a restart. stable/main/binary-i386/libecpg-dev_8.1.15-0etch1_i386.deb stable/main/binary-i386/postgresql-client-8.1_8.1.15-0etch1_i386.deb stable/main/binary-i386/postgresql-contrib-8.1_8.1.15-0etch1_i386.deb stable/main/binary-i386/libecpg5_8.1.15-0etch1_i386.deb stable/main/binary-i386/postgresql-8.1_8.1.15-0etch1_i386.deb stable/main/binary-i386/postgresql-server-dev-8.1_8.1.15-0etch1_i386.deb stable/main/source/postgresql-8.1_8.1.15-0etch1.dsc stable/main/binary-i386/postgresql-plpython-8.1_8.1.15-0etch1_i386.deb stable/main/binary-i386/libpq-dev_8.1.15-0etch1_i386.deb stable/main/binary-i386/postgresql-plperl-8.1_8.1.15-0etch1_i386.deb stable/main/binary-i386/libpgtypes2_8.1.15-0etch1_i386.deb stable/main/binary-i386/postgresql-pltcl-8.1_8.1.15-0etch1_i386.deb stable/main/source/postgresql-8.1_8.1.15-0etch1.diff.gz stable/main/binary-i386/libecpg-compat2_8.1.15-0etch1_i386.deb stable/main/binary-all/postgresql-doc-8.1_8.1.15-0etch1_all.deb stable/main/binary-i386/libpq4_8.1.15-0etch1_i386.deb stable/main/source/postgresql-8.1_8.1.15.orig.tar.gz postgresql-8.1 (8.1.15-0etch1) stable; urgency=low * New upstream bugfix release 8.1.15: - Fix GiST index corruption due to marking the wrong index entry "dead" after a deletion. 
This would result in index searches failing to find rows they should have found. - Fix backend crash when the client encoding cannot represent a localized error message. - Fix possible crash when deeply nested functions are invoked from a trigger. - Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list. The usual symptom of this problem is an "unrecognized node type" error. - Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function. - Prevent possible collision of relfilenode numbers when moving a table to another tablespace with "ALTER SET TABLESPACE". The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. - Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE ROLE". - Fix recent breakage of pg_ctl restart. * New upstream bugfix release 8.1.14: - Widen local lock counters from 32 to 64 bits. This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected "lock is already held" errors. - Fix possible duplicate output of tuples during a GiST index scan. - Add checks in executor startup to ensure that the tuples produced by an "INSERT" or "UPDATE" will match the target table's current rowtype. "ALTER COLUMN TYPE", followed by re-use of a previously cached plan, could produce this type of situation. 
The check protects against data corruption and/or crashes that could ensue. - Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly. The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted only abbreviations. - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner bug with nested sub-select expressions. If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Fix PL/PgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. - Fix pg_ctl to properly preserve postmaster command-line arguments across a restart.
stable/main/binary-sparc/postgresql-contrib-7.4_7.4.23-0etch1_sparc.deb stable/main/binary-sparc/postgresql-pltcl-7.4_7.4.23-0etch1_sparc.deb stable/main/binary-sparc/postgresql-plpython-7.4_7.4.23-0etch1_sparc.deb stable/main/binary-sparc/postgresql-client-7.4_7.4.23-0etch1_sparc.deb stable/main/binary-sparc/postgresql-7.4_7.4.23-0etch1_sparc.deb stable/main/binary-sparc/postgresql-plperl-7.4_7.4.23-0etch1_sparc.deb postgresql-7.4 (1:7.4.23-0etch1) stable; urgency=low * New upstream bug fix release 7.4.23: - Fix backend crash when the client encoding cannot represent a localized error message. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. - Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE USER". * New upstream bug fix release 7.4.22: - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog. - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. * New upstream bug fix release 7.4.21: - Make pg_get_ruledef() parenthesize negative constants. 
Before this fix, a negative constant in a view or rule might be dumped as, say, -42::integer, which is subtly incorrect: it should be (-42)::integer due to operator precedence rules. Usually this would make little difference, but it could interact with another recent patch to cause PostgreSQL to reject what had been a valid "SELECT DISTINCT" view query. Since this could result in pg_dump output failing to reload, it is being treated as a high-priority fix. The only released versions in which dump output is actually incorrect are 8.3.1 and 8.2.7. * New upstream bug fix release 7.4.20: - Fix conversions between ISO-8859-5 and other encodings to handle Cyrillic "Yo" characters (e and E with two dots). - Fix a few datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values. This could lead to failures in which two apparently identical literal values were not seen as equal, resulting in the parser complaining about unmatched ORDER BY and DISTINCT expressions. - Fix a corner case in regular-expression substring matching (substring(string from pattern)). The problem occurs when there is a match to the pattern overall but the user has specified a parenthesized subexpression and that subexpression hasn't got a match. An example is substring('foo' from 'foo(bar)?'). This should return NULL, since (bar) isn't matched, but it was mistakenly returning the whole-pattern match instead (ie, foo). - Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function. - Fix longstanding "LISTEN"/"NOTIFY" race condition. In rare cases a session that had just executed a "LISTEN" might not get a notification, even though one would be expected because the concurrent transaction executing "NOTIFY" was observed to commit later. A side effect of the fix is that a transaction that has executed a not-yet-committed "LISTEN" command will not see any row in pg_listener for the "LISTEN", should it choose to look; formerly it would have. 
This behavior was never documented one way or the other, but it is possible that some applications depend on the old behavior. - Fix display of constant expressions in ORDER BY and GROUP BY. An explicitly casted constant would be shown incorrectly. This could for example lead to corruption of a view definition during dump and reload. - Fix libpq to handle NOTICE messages correctly during COPY OUT. This failure has only been observed to occur when a user-defined datatype's output routine issues a NOTICE, but there is no guarantee it couldn't happen due to other causes. stable/main/binary-s390/postgresql-7.4_7.4.23-0etch1_s390.deb stable/main/binary-s390/postgresql-plperl-7.4_7.4.23-0etch1_s390.deb stable/main/binary-s390/postgresql-client-7.4_7.4.23-0etch1_s390.deb stable/main/binary-s390/postgresql-plpython-7.4_7.4.23-0etch1_s390.deb stable/main/binary-s390/postgresql-pltcl-7.4_7.4.23-0etch1_s390.deb stable/main/binary-s390/postgresql-contrib-7.4_7.4.23-0etch1_s390.deb postgresql-7.4 (1:7.4.23-0etch1) stable; urgency=low * New upstream bug fix release 7.4.23: - Fix backend crash when the client encoding cannot represent a localized error message. - Fix incorrect tsearch2 headline generation when single query item matches first word of text. - Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an "--enable-integer-datetimes" build. - Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns. This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. - Fix ecpg's parsing of "CREATE USER". * New upstream bug fix release 7.4.22: - Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform. - Improve performance of writing very long log messages to syslog.
- Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query. - Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents. This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like "col" IS NULL. - Improve pg_dump and pg_restore's error reporting after failure to send a SQL command. * New upstream bug fix release 7.4.21: - Make pg_get_ruledef() parenthesize negative constants. Before this fix, a negative constant in a view or rule might be dumped as, say, -42::integer, which is subtly incorrect: it should be (-42)::integer due to operator precedence rules. Usually this would make little difference, but it could interact with another recent patch to cause PostgreSQL to reject what had been a valid "SELECT DISTINCT" view query. Since this could result in pg_dump output failing to reload, it is being treated as a high-priority fix. The only released versions in which dump output is actually incorrect are 8.3.1 and 8.2.7. * New upstream bug fix release 7.4.20: - Fix conversions between ISO-8859-5 and other encodings to handle Cyrillic "Yo" characters (e and E with two dots). - Fix a few datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values. This could lead to failures in which two apparently identical literal values were not seen as equal, resulting in the parser complaining about unmatched ORDER BY and DISTINCT expressions. - Fix a corner case in regular-expression substring matching (substring(string from pattern)). The problem occurs when there is a match to the pattern overall but the user has specified a parenthesized subexpression and that subexpression hasn't got a match. An example is substring('foo' from 'foo(bar)?'). This should return NULL, since (bar) isn't matched, but it was mistakenly returning the whole-pattern match instead (ie, foo). 
- Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function. - Fix longstanding "LISTEN"/"NOTIFY" race condition. In rare cases a session that had just executed a "LISTEN" might not get a notification, even though one would be expected because the concurrent transaction executing "NOTIFY" was observed to commit later. A side effect of the fix is that a transaction that has executed a not-yet-committed "LISTEN" command will not see any row in pg_listener for the "LISTEN", should it choose to look; formerly it would have. This behavior was never documented one way or the other, but it is possible that some applications depend on the old behavior. - Fix display of constant expressions in ORDER BY and GROUP BY. An explicitly caste