Univention Bugzilla – Full Text Bug Listing

Summary: | postgresql-common: Multiple issues (4.4) | | |
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | | |
Priority: | P5 | | |
Version: | UCS 4.4 | | |
Target Milestone: | UCS 4.4-2-errata | | |
Hardware: | All | | |
OS: | Linux | | |
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | | Enterprise Customer affected?: | |
School Customer affected?: | | ISV affected?: | |
Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
Ticket number: | | Bug group (optional): | |
Max CVSS v3 score: | 5.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L) TMP | | |
Description
Quality Assurance
2019-11-18 07:59:09 CET
--- mirror/ftp/4.3/unmaintained/4.3-2/source/postgresql-common_181+deb9u2A~4.3.1.201808081329.dsc +++ apt/ucs_4.4-0-errata4.4-2/source/postgresql-common_181+deb9u3A~4.4.2.201911180758.dsc @@ -1,8 +1,14 @@ -181+deb9u2A~4.3.1.201808081329 [Wed, 08 Aug 2018 13:47:48 +0200] Univention builddaemon <buildd@univention.de>: +181+deb9u3A~4.4.2.201911180758 [Mon, 18 Nov 2019 07:59:20 +0100] Univention builddaemon <buildd@univention.de>: - * UCS auto build. The following patches have been applied to the original source package - 01-autostart-setting - 02-emit-supported-postgresql-versions + * UCS auto build. No patches were applied to the original source package + +181+deb9u3 [Tue, 12 Nov 2019 15:00:36 +0100] Christoph Berg <myon@debian.org>: + + * pg_ctlcluster: Drop privileges before creating socket and stats temp + directories outside /var/run/postgresql. The default configuration is not + affected by this change. Users with directories on volatile storage + (tmpfs) in other locations have to make sure the parent directory is + writable for the cluster owner. (CVE-2019-3466, discovered by Rich Mirch) 181+deb9u2 [Fri, 08 Jun 2018 11:16:28 +0200] Christoph Berg <christoph.berg@credativ.de>: <http://10.200.17.11/4.4-2/#3622232025281512551> --- mirror/ftp/4.3/unmaintained/4.3-2/source/postgresql-common_181+deb9u2A~4.3.1.201808081329.dsc +++ apt/ucs_4.4-0-errata4.4-2/source/postgresql-common_181+deb9u3A~4.4.0.201911181236.dsc 
@@ -1,8 +1,16 @@ -181+deb9u2A~4.3.1.201808081329 [Wed, 08 Aug 2018 13:47:48 +0200] Univention builddaemon <buildd@univention.de>: +181+deb9u3A~4.4.0.201911181236 [Mon, 18 Nov 2019 12:36:27 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 01-autostart-setting 02-emit-supported-postgresql-versions + +181+deb9u3 [Tue, 12 Nov 2019 15:00:36 +0100] Christoph Berg <myon@debian.org>: + + * pg_ctlcluster: Drop privileges before creating socket and stats temp + directories outside /var/run/postgresql. The default configuration is not + affected by this change. Users with directories on volatile storage + (tmpfs) in other locations have to make sure the parent directory is + writable for the cluster owner. (CVE-2019-3466, discovered by Rich Mirch) 181+deb9u2 [Fri, 08 Jun 2018 11:16:28 +0200] Christoph Berg <christoph.berg@credativ.de>: <http://10.200.17.11/4.4-2/#4683309115405766139> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-2] 64c6ddbea8 Bug #50506: postgresql-common 181+deb9u3A~4.4.0.201911181236 doc/errata/staging/postgresql-common.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) [4.4-2] caacc34993 Bug #50506: postgresql-common 181+deb9u3A~4.4.2.201911180758 doc/errata/staging/postgresql-common.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) |
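Review bot: The 4.4.2 build in the first hunk (181+deb9u3A~4.4.2.201911180758) loses the two UCS patches: its "UCS auto build" entry changes from listing 01-autostart-setting and 02-emit-supported-postgresql-versions to "No patches were applied to the original source package", while the later 4.4.0 build (181+deb9u3A~4.4.0.201911181236) keeps both. Please confirm which build the erratum actually releases. If the 4.4.2 build can reach systems, rebuild it with the patches applied or record in the errata YAML why they were dropped.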
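Review bot: The upgrade caveat in the added 181+deb9u3 entry of the second hunk ("Users with directories on volatile storage (tmpfs) in other locations have to make sure the parent directory is writable for the cluster owner") should be carried into the erratum description in doc/errata/staging/postgresql-common.yaml. Once pg_ctlcluster drops privileges before creating the socket and stats temp directories, a non-default location whose parent is not writable for the cluster owner needs administrator action, and the changelog alone is easy to miss. Separately, the changelog names only CVE-2019-3466 while the bug summary reads "Multiple issues"; align the summary with the changelog or list the other issues.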