VCS matches the version in the archive
- Git: https://salsa.debian.org/postgresql/postgresql.git -b 11
- Branch: 11
- Path: debian/changelog
- Browser: https://salsa.debian.org/postgresql/postgresql
- Last scan: 2019-07-22 22:43:11+00
- Next scan: 2019-07-23 23:58:00+00
- CI pipeline status: failed
- Debian changelog in Git:
postgresql-11 (11.4-1) unstable; urgency=medium

  * New upstream version.

    + Fix buffer-overflow hazards in SCRAM verifier parsing
      (Jonathan Katz, Heikki Linnakangas, Michael Paquier)

      Any authenticated user could cause a stack-based buffer overflow by
      changing their own password to a purpose-crafted value. In addition to
      the ability to crash the PostgreSQL server, this could suffice for
      executing arbitrary code as the PostgreSQL operating system account.

      A similar overflow hazard existed in libpq, which could allow a rogue
      server to crash a client or perhaps execute arbitrary code as the
      client's operating system account.

      The PostgreSQL Project thanks Alexander Lakhin for reporting this

 -- Christoph Berg <firstname.lastname@example.org>  Tue, 18 Jun 2019 11:03:14 +0200
- This branch is even with tag debian/11.4-1