-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4027-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 09, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : postgresql-9.4
CVE ID         : CVE-2017-15098

A vulnerabilitiy has been found in the PostgreSQL database system:
Denial of service and potential memory disclosure in the
json_populate_recordset() and jsonb_populate_recordset() functions.

For the oldstable distribution (jessie), this problem has been fixed
in version 9.4.15-0+deb8u1.

We recommend that you upgrade your postgresql-9.4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAloEyhIACgkQEMKTtsN8
TjZxOA//TZ8wa50uQAlkRoUdP5SGsI33lAkGBvCtERtkpDm5EThuMnxSs95j7Zq1
HTjd/Gqusfgl5xCHrXUNYGVs4jZ0QQa5LsHCsiNsvCayvkoxw6FguetqRSkvjtrT
v1I0xU+3nNMzv66fVwnFJ5KK/WTvlOwLk1X0ccYcMkpxDhD6CUUQhZbdN9OB9nWT
GlL3BwweerB8UuxxWapad9zbJnNM/a7tjd0XJ+OAu5P5LBxYIgsGmKMjynB/Igtx
K5+B7t8kLCnG9Gbip1TLVg0zMVugbuO9OWA2I76U0lGvpfmbOaUq/yXEbOvv1hjG
nbZG7D17lCyDJps/6e7VJI8yL6l2ibaCn28hrLy1bNm6r3hXdr2wn9ulgbXfMCrU
o67PK6sFCwhYieKJUJBwQVtQ+XlK0TSsLycggIxA5SY5nfBHGoSjQEhR9bYlKuL0
Cspm8ciIxtibBN5gr8jU5zOlPA2jLRdnHrCR8zQwfKEU9nZaxWAa8KqNwOliG4xT
vPvNczcyP0++GOtJO9bTc9NXZJW7zRMqfQP2jtn4YPBFCZndLXDrn3w+IWBTAGuU
sDj+EzCSscMoVFvD0NlLn1sBB5xbNS3/GY6PncPIW+60q5xZ4sx83K8yxtmkfx01
k4LuTZqJP2PvcAa4BmxaIrLPQi33rEM0nwrQkMnUHSULGwQ6axE=
=Eg5u
-----END PGP SIGNATURE-----