Bug 13336 - postgresql new security issues fixed upstream in 9.2.7, 9.1.12, 9.0.16, and 8.4.20
Summary: postgresql new security issues fixed upstream in 9.2.7, 9.1.12, 9.0.16, and 8...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 3
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/587542/
Whiteboard: has_procedure advisory mga3-32-ok mga...
Keywords: validated_update
Depends on: 12841
Blocks:
  Show dependency treegraph
 
Reported: 2014-05-07 20:16 CEST by David Walser
Modified: 2014-05-17 02:45 CEST (History)
4 users (show)

See Also:
Source RPM: postgresql
CVE:
Status comment:


Attachments

Description David Walser 2014-05-07 20:16:00 CEST
+++ This bug was initially created as a clone of Bug #12841 +++

Upstream has issued an advisory on February 20:
http://article.gmane.org/gmane.comp.db.postgresql.announce/2371

Debian has issued advisories for this on February 20:
http://www.debian.org/security/2014/dsa-2864
http://www.debian.org/security/2014/dsa-2865

Mandriva has also issued an advisory for this:
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:047/

We've fixed this for Mageia 4, but still need to fix it for Mageia 3.
David Walser 2014-05-07 20:16:40 CEST

Blocks: 13241, 12782 => (none)
Assignee: bugsquad => doktor5000

Comment 1 Florian Hubold 2014-05-09 17:30:37 CEST
Pushed the same versions as for Mageia 4, except for 8.4, where I've pushed the latest version. postgresql9.3 doesn't exist for mga3. Here's a short list:

postgresql8.4-8.4.21-1.mga3
postgresql9.0-9.0.17-1.mga3
postgresql9.1-9.1.13-1.mga3
postgresql9.2-9.2.8-1.mga3

Advisory:
https://bugs.mageia.org/show_bug.cgi?id=12841#c14


x86_64

postgresql8.4-pltcl-8.4.21-1.mga3.x86_64.rpm
postgresql8.4-pl-8.4.21-1.mga3.x86_64.rpm
postgresql8.4-plperl-8.4.21-1.mga3.x86_64.rpm
postgresql8.4-contrib-8.4.21-1.mga3.x86_64.rpm
postgresql8.4-server-8.4.21-1.mga3.x86_64.rpm
postgresql8.4-plpython-8.4.21-1.mga3.x86_64.rpm
lib64ecpg8.4_6-8.4.21-1.mga3.x86_64.rpm
postgresql8.4-debuginfo-8.4.21-1.mga3.x86_64.rpm
postgresql8.4-devel-8.4.21-1.mga3.x86_64.rpm
postgresql8.4-8.4.21-1.mga3.x86_64.rpm
postgresql8.4-plpgsql-8.4.21-1.mga3.x86_64.rpm
lib64pq8.4_5-8.4.21-1.mga3.x86_64.rpm
postgresql8.4-docs-8.4.21-1.mga3.noarch.rpm

postgresql9.0-contrib-9.0.17-1.mga3.x86_64.rpm
postgresql9.0-plpython-9.0.17-1.mga3.x86_64.rpm
postgresql9.0-pltcl-9.0.17-1.mga3.x86_64.rpm
lib64pq9.0_5-9.0.17-1.mga3.x86_64.rpm
postgresql9.0-plperl-9.0.17-1.mga3.x86_64.rpm
lib64ecpg9.0_6-9.0.17-1.mga3.x86_64.rpm
postgresql9.0-pl-9.0.17-1.mga3.x86_64.rpm
postgresql9.0-server-9.0.17-1.mga3.x86_64.rpm
postgresql9.0-9.0.17-1.mga3.x86_64.rpm
postgresql9.0-devel-9.0.17-1.mga3.x86_64.rpm
postgresql9.0-plpgsql-9.0.17-1.mga3.x86_64.rpm
postgresql9.0-debuginfo-9.0.17-1.mga3.x86_64.rpm
postgresql9.0-docs-9.0.17-1.mga3.noarch.rpm

postgresql9.1-pl-9.1.13-1.mga3.x86_64.rpm
lib64pq9.1_5-9.1.13-1.mga3.x86_64.rpm
postgresql9.1-plpython-9.1.13-1.mga3.x86_64.rpm
postgresql9.1-debuginfo-9.1.13-1.mga3.x86_64.rpm
postgresql9.1-9.1.13-1.mga3.x86_64.rpm
postgresql9.1-plpgsql-9.1.13-1.mga3.x86_64.rpm
postgresql9.1-contrib-9.1.13-1.mga3.x86_64.rpm
postgresql9.1-devel-9.1.13-1.mga3.x86_64.rpm
postgresql9.1-pltcl-9.1.13-1.mga3.x86_64.rpm
postgresql9.1-server-9.1.13-1.mga3.x86_64.rpm
postgresql9.1-plperl-9.1.13-1.mga3.x86_64.rpm
lib64ecpg9.1_6-9.1.13-1.mga3.x86_64.rpm
postgresql9.1-docs-9.1.13-1.mga3.noarch.rpm

lib64pq9.2_5-9.2.8-1.mga3.x86_64.rpm
postgresql9.2-pl-9.2.8-1.mga3.x86_64.rpm
postgresql9.2-contrib-9.2.8-1.mga3.x86_64.rpm
postgresql9.2-9.2.8-1.mga3.x86_64.rpm
postgresql9.2-plperl-9.2.8-1.mga3.x86_64.rpm
postgresql9.2-pltcl-9.2.8-1.mga3.x86_64.rpm
postgresql9.2-debuginfo-9.2.8-1.mga3.x86_64.rpm
postgresql9.2-plpython-9.2.8-1.mga3.x86_64.rpm
postgresql9.2-plpgsql-9.2.8-1.mga3.x86_64.rpm
postgresql9.2-devel-9.2.8-1.mga3.x86_64.rpm
lib64ecpg9.2_6-9.2.8-1.mga3.x86_64.rpm
postgresql9.2-server-9.2.8-1.mga3.x86_64.rpm
postgresql9.2-docs-9.2.8-1.mga3.noarch.rpm


i586

postgresql8.4-pltcl-8.4.21-1.mga3.i586.rpm
postgresql8.4-pl-8.4.21-1.mga3.i586.rpm
postgresql8.4-plperl-8.4.21-1.mga3.i586.rpm
postgresql8.4-contrib-8.4.21-1.mga3.i586.rpm
postgresql8.4-server-8.4.21-1.mga3.i586.rpm
postgresql8.4-plpython-8.4.21-1.mga3.i586.rpm
lib64ecpg8.4_6-8.4.21-1.mga3.i586.rpm
postgresql8.4-debuginfo-8.4.21-1.mga3.i586.rpm
postgresql8.4-devel-8.4.21-1.mga3.i586.rpm
postgresql8.4-8.4.21-1.mga3.i586.rpm
postgresql8.4-plpgsql-8.4.21-1.mga3.i586.rpm
lib64pq8.4_5-8.4.21-1.mga3.i586.rpm
postgresql8.4-docs-8.4.21-1.mga3.noarch.rpm

postgresql9.0-contrib-9.0.17-1.mga3.i586.rpm
postgresql9.0-plpython-9.0.17-1.mga3.i586.rpm
postgresql9.0-pltcl-9.0.17-1.mga3.i586.rpm
lib64pq9.0_5-9.0.17-1.mga3.i586.rpm
postgresql9.0-plperl-9.0.17-1.mga3.i586.rpm
lib64ecpg9.0_6-9.0.17-1.mga3.i586.rpm
postgresql9.0-pl-9.0.17-1.mga3.i586.rpm
postgresql9.0-server-9.0.17-1.mga3.i586.rpm
postgresql9.0-9.0.17-1.mga3.i586.rpm
postgresql9.0-devel-9.0.17-1.mga3.i586.rpm
postgresql9.0-plpgsql-9.0.17-1.mga3.i586.rpm
postgresql9.0-debuginfo-9.0.17-1.mga3.i586.rpm
postgresql9.0-docs-9.0.17-1.mga3.noarch.rpm

postgresql9.1-pl-9.1.13-1.mga3.i586.rpm
lib64pq9.1_5-9.1.13-1.mga3.i586.rpm
postgresql9.1-plpython-9.1.13-1.mga3.i586.rpm
postgresql9.1-debuginfo-9.1.13-1.mga3.i586.rpm
postgresql9.1-9.1.13-1.mga3.i586.rpm
postgresql9.1-plpgsql-9.1.13-1.mga3.i586.rpm
postgresql9.1-contrib-9.1.13-1.mga3.i586.rpm
postgresql9.1-devel-9.1.13-1.mga3.i586.rpm
postgresql9.1-pltcl-9.1.13-1.mga3.i586.rpm
postgresql9.1-server-9.1.13-1.mga3.i586.rpm
postgresql9.1-plperl-9.1.13-1.mga3.i586.rpm
lib64ecpg9.1_6-9.1.13-1.mga3.i586.rpm
postgresql9.1-docs-9.1.13-1.mga3.noarch.rpm

lib64pq9.2_5-9.2.8-1.mga3.i586.rpm
postgresql9.2-pl-9.2.8-1.mga3.i586.rpm
postgresql9.2-contrib-9.2.8-1.mga3.i586.rpm
postgresql9.2-9.2.8-1.mga3.i586.rpm
postgresql9.2-plperl-9.2.8-1.mga3.i586.rpm
postgresql9.2-pltcl-9.2.8-1.mga3.i586.rpm
postgresql9.2-debuginfo-9.2.8-1.mga3.i586.rpm
postgresql9.2-plpython-9.2.8-1.mga3.i586.rpm
postgresql9.2-plpgsql-9.2.8-1.mga3.i586.rpm
postgresql9.2-devel-9.2.8-1.mga3.i586.rpm
lib64ecpg9.2_6-9.2.8-1.mga3.i586.rpm
postgresql9.2-server-9.2.8-1.mga3.i586.rpm
postgresql9.2-docs-9.2.8-1.mga3.noarch.rpm

SRPMS
postgresql8.4-8.4.21-1.mga3.src.rpm
postgresql9.0-9.0.17-1.mga3.src.rpm
postgresql9.1-9.1.13-1.mga3.src.rpm
postgresql9.2-9.2.8-1.mga3.src.rpm

Status: NEW => ASSIGNED
Assignee: doktor5000 => qa-bugs
Summary: postgresql new security issues fixed upstream in 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20 => postgresql new security issues fixed upstream in 9.2.7, 9.1.12, 9.0.16, and 8.4.20

Comment 2 claire robinson 2014-05-10 09:50:02 CEST
Easy one to test.

Procedure: https://bugs.mageia.org/show_bug.cgi?id=12841#c8

The world.sql file referenced can be found here, it needs extracting before use.
http://pgfoundry.org/frs/download.php/527/world-1.0.tar.gz

Whiteboard: (none) => has_procedure

Comment 3 claire robinson 2014-05-16 13:31:22 CEST
Testing these now.
Comment 4 claire robinson 2014-05-16 14:06:45 CEST
Testing complete mga3 32

Whiteboard: has_procedure => has_procedure mga3-32-ok

Comment 5 claire robinson 2014-05-16 14:43:59 CEST
Testing complete mga3 64

Whiteboard: has_procedure mga3-32-ok => has_procedure mga3-32-ok mga3-64-ok

Comment 6 claire robinson 2014-05-16 14:53:31 CEST
Validating. Advisory uploaded. Could you check it please David.

Could sysadmin please push to 3 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga3-32-ok mga3-64-ok => has_procedure advisory mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs

Comment 7 David Walser 2014-05-16 16:58:54 CEST
(In reply to claire robinson from comment #6)
> Validating. Advisory uploaded. Could you check it please David.

Looks good :D  Thanks.
Comment 8 Thomas Backlund 2014-05-17 02:45:51 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2014-0222.html

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.