
Accepted postgresql-11 11.3-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 May 2019 12:04:34 +0200
Source: postgresql-11
Architecture: source
Version: 11.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-11 (11.3-1) unstable; urgency=medium
 .
   * New upstream version.
     + Prevent row-level security policies from being bypassed via selectivity
       estimators (Dean Rasheed)
 .
       Some of the planner's selectivity estimators apply user-defined
       operators to values found in pg_statistic (e.g., most-common values).
       A leaky operator therefore can disclose some of the entries in a data
       column, even if the calling user lacks permission to read that column.
       In CVE-2017-7484 we added restrictions to forestall that, but we failed
       to consider the effects of row-level security.  A user who has SQL
       permission to read a column, but who is forbidden to see certain rows
       due to RLS policy, might still learn something about those rows'
       contents via a leaky operator.  This patch further tightens the rules,
       allowing leaky operators to be applied to statistics data only when
       there is no relevant RLS policy.  (CVE-2019-10130)
 .
     + Avoid access to already-freed memory during partition routing error
       reports (Michael Paquier)
 .
       This mistake could lead to a crash, and in principle it might be
       possible to use it to disclose server memory contents. (CVE-2019-10129)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
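
Added example, not part of the upload notice or of PostgreSQL's own code: a catalog audit for the two conditions the CVE-2019-10130 entry names, a relevant RLS policy and an operator that is not leakproof, plus a check that an 11.x server is at the 11.3 release shipped here. It assumes a psql session in the database being reviewed; the column aliases are arbitrary.

```sql
-- 1. Release check. This upload ships the fixes in 11.3, which
--    server_version_num encodes as 110003. Other major branches are not
--    covered by this changelog, so they are only flagged, not judged.
SELECT current_setting('server_version') AS version,
       CASE
         WHEN current_setting('server_version_num')::int / 10000 <> 11
           THEN 'not an 11.x server'
         WHEN current_setting('server_version_num')::int >= 110003
           THEN '11.3 or later'
         ELSE 'older than 11.3'
       END AS status;

-- 2. Tables with row-level security enabled and the policies on them.
--    These are the relations whose statistics the tightened rules protect.
SELECT n.nspname                          AS schema_name,
       c.relname                          AS table_name,
       c.relforcerowsecurity              AS forced_for_owner,
       p.polname                          AS policy_name,
       pg_get_expr(p.polqual, p.polrelid) AS using_expr
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE c.relrowsecurity
ORDER BY 1, 2, 4;

-- 3. Operators outside the system schemas whose implementing function is
--    not marked LEAKPROOF, i.e. "leaky" in the changelog's terms.
SELECT n.nspname                    AS schema_name,
       o.oprname                    AS operator_name,
       format_type(o.oprleft, NULL)  AS left_type,
       format_type(o.oprright, NULL) AS right_type,
       f.oid::regprocedure          AS implementing_function,
       pg_get_userbyid(o.oprowner)  AS owner
FROM pg_operator o
JOIN pg_proc f      ON f.oid = o.oprcode
JOIN pg_namespace n ON n.oid = o.oprnamespace
WHERE NOT f.proleakproof
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY 1, 2;
```

Rows from query 2 on a server that query 1 reports as older than 11.3 mark the tables to prioritise when scheduling the upgrade.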