Accepted postgresql-11 11.5-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 08 Aug 2019 15:22:02 +0200
Source: postgresql-11
Architecture: source
Version: 11.5-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Closes: 929953 932247
Changes:
 postgresql-11 (11.5-1+deb10u1) buster-security; urgency=high
 .
   * New upstream security release.
     + Fixes regression in ALTER TABLE on multiple columns. (Closes: #932247)
 .
     + No longer picks "UCT" as timezone spelling. (Closes: #929953)
 .
     + Require schema qualification to cast to a temporary type when using
       functional cast syntax (Noah Misch)
 .
       We have long required invocations of temporary functions to explicitly
       specify the temporary schema, that is pg_temp.func_name(args). Require
       this as well for casting to temporary types using functional notation,
       for example pg_temp.type_name(arg). Otherwise it's possible to capture a
       function call using a temporary object, allowing privilege escalation in
       much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208)
 .
     + Fix execution of hashed subplans that require cross-type comparison
       (Tom Lane, Andreas Seltenreich)
 .
       Hashed subplans used the outer query's original comparison operator to
       compare entries of the hash table. This is the wrong thing if that
       operator is cross-type, since all the hash table entries will be of the
       subquery's output type. For the set of hashable cross-type operators in
       core PostgreSQL, this mistake seems nearly harmless on 64-bit machines,
       but it can result in crashes or perhaps unauthorized disclosure of
       server memory on 32-bit machines. Extensions might provide hashable
       cross-type operators that create larger risks. (CVE-2019-10209)
Checksums-Sha1:
e5e059fd0070a341cf0c7e88f2cbe1419bf94100 3738 postgresql-11_11.5-1+deb10u1.dsc
24ceee589a0aec775ea7c4c4a001c710ff27a0d4 19773087 postgresql-11_11.5.orig.tar.bz2
f51cd2a66f2f70b3df1b54b4e8d68083930f1504 24772 postgresql-11_11.5-1+deb10u1.debian.tar.xz
Checksums-Sha256:
863ba2eef964710fc55df55f69cc2503ae7b08d991f8144281c90db2281051ab 3738 postgresql-11_11.5-1+deb10u1.dsc
7fdf23060bfc715144cbf2696cf05b0fa284ad3eb21f0c378591c6bca99ad180 19773087 postgresql-11_11.5.orig.tar.bz2
24d435fe5ef3ae9b7816724a034177a79c92136c01cb704f258e829c7a2aabae 24772 postgresql-11_11.5-1+deb10u1.debian.tar.xz
Files:
81b62fbb872ee1ac29c822538e91764b 3738 database optional postgresql-11_11.5-1+deb10u1.dsc
580da94f6d85046ff2a228785ab2cc89 19773087 database optional postgresql-11_11.5.orig.tar.bz2
6cf22c60076cf1a5e05e399ba532f919 24772 database optional postgresql-11_11.5-1+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----