Bug#781579: unblock (pre-approval): postgis/2.1.4+dfsg-3

Markus Wanner markus at bluegap.ch
Tue Mar 31 09:14:15 UTC 2015


Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
X-Debbugs-CC: pkg-grass-devel at lists.alioth.debian.org

Dear Release Team,

I would like to upload postgis-2.1.4+dfsg-3 for jessie via unstable.
This applies a minimally invasive upstream patch to fix a security issue.

Upstream keeps the issue classified, see
http://trac.osgeo.org/postgis/ticket/3094. AFAIUI a possible DoS is
prevented by properly checking JSON input data. Note that the mentioned
backend crash effectively means the database will terminate all pending
connections, roll back transactions, shut down and go through the usual
recovery procedures. Being able to trigger that process just by feeding
invalid GeoJSON data (e.g. via a web service) can certainly be
considered an effective DoS attack.

The debdiff is attached.

Kind Regards

Markus Wanner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: postgis_2.1.4+dfsg-2_to_2.1.4+dfsg-3.diff
Type: text/x-patch
Size: 3628 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-grass-devel/attachments/20150331/73923a9b/attachment-0001.bin>