Debian Security Advisory

DLA-709-1 postgresql-9.1 -- LTS security update

Date Reported:
16 Nov 2016
Affected Packages:
postgresql-9.1
Vulnerable:
Yes
Security database references:
No other external database security references currently available.
More information:

Several bugs were discovered in PostgreSQL, a relational database server system. This update corrects various stability issues.

9.1.24 marks the end of life of the PostgreSQL 9.1 branch. No further releases will be made by the PostgreSQL Global Development Group.

Users of PostgreSQL 9.1 should look into upgrading to a newer PostgreSQL release. Options are:

  • Upgrading to Debian 8 (Jessie), providing postgresql-9.4.
  • The use of the apt.postgresql.org repository, providing packages for all active PostgreSQL branches (9.2 up to 9.6 at the time of writing).

    See https://wiki.postgresql.org/wiki/Apt for more information about the repository.

    A helper script to activate the repository is provided in /usr/share/doc/postgresql-9.1/examples/apt.postgresql.org.sh.gz.

  • In Debian, an LTS version of 9.1 is in planning that will cover the lifetime of wheezy-lts. Updates will made on a best-effort basis. Users can take advantage of this, but should still consider upgrading to newer PostgreSQL versions over the next months.

    See https://wiki.debian.org/LTS for more information about Debian LTS.

For Debian 6 Squeeze, these issues have been fixed in postgresql-9.1 version 9.1.24-0+deb7u1