-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4027-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 09, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : postgresql-9.4 CVE ID : CVE-2017-15098 A vulnerabilitiy has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset() and jsonb_populate_recordset() functions. For the oldstable distribution (jessie), this problem has been fixed in version 9.4.15-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAloEyhIACgkQEMKTtsN8 TjZxOA//TZ8wa50uQAlkRoUdP5SGsI33lAkGBvCtERtkpDm5EThuMnxSs95j7Zq1 HTjd/Gqusfgl5xCHrXUNYGVs4jZ0QQa5LsHCsiNsvCayvkoxw6FguetqRSkvjtrT v1I0xU+3nNMzv66fVwnFJ5KK/WTvlOwLk1X0ccYcMkpxDhD6CUUQhZbdN9OB9nWT GlL3BwweerB8UuxxWapad9zbJnNM/a7tjd0XJ+OAu5P5LBxYIgsGmKMjynB/Igtx K5+B7t8kLCnG9Gbip1TLVg0zMVugbuO9OWA2I76U0lGvpfmbOaUq/yXEbOvv1hjG nbZG7D17lCyDJps/6e7VJI8yL6l2ibaCn28hrLy1bNm6r3hXdr2wn9ulgbXfMCrU o67PK6sFCwhYieKJUJBwQVtQ+XlK0TSsLycggIxA5SY5nfBHGoSjQEhR9bYlKuL0 Cspm8ciIxtibBN5gr8jU5zOlPA2jLRdnHrCR8zQwfKEU9nZaxWAa8KqNwOliG4xT vPvNczcyP0++GOtJO9bTc9NXZJW7zRMqfQP2jtn4YPBFCZndLXDrn3w+IWBTAGuU sDj+EzCSscMoVFvD0NlLn1sBB5xbNS3/GY6PncPIW+60q5xZ4sx83K8yxtmkfx01 k4LuTZqJP2PvcAa4BmxaIrLPQi33rEM0nwrQkMnUHSULGwQ6axE= =Eg5u -----END PGP SIGNATURE-----