[ubuntu/plucky-proposed] postgresql-17 17.4-1 (Accepted)
Simon Quigley
tsimonq2 at ubuntu.com
Sat Feb 22 03:16:27 UTC 2025
postgresql-17 (17.4-1) unstable; urgency=medium
* New upstream version 17.4.
+ Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane)
The changes made for CVE-2025-1094 had one serious oversight:
PQescapeLiteral() and PQescapeIdentifier() failed to honor their string
length parameter, instead always reading to the input string's trailing
null. This resulted in including unwanted text in the output, if the
caller intended to truncate the string via the length parameter. With
very bad luck it could cause a crash due to reading off the end of
memory.
In addition, modify all these quoting functions so that when invalid
encoding is detected, an invalid sequence is substituted for just the
first byte of the presumed character, not all of it. This reduces the
risk of problems if a calling application performs additional processing
on the quoted string.
* Build-depend on openssl. (Closes: #1096243)
* Added po-debconf Catalan translation by Carles Pina i Estany, thanks!
Date: 2025-02-20 22:52:40.017162+00:00
Signed-By: Simon Quigley <tsimonq2 at ubuntu.com>
https://launchpad.net/ubuntu/+source/postgresql-17/17.4-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list