Accepted postgresql-11 11.16-0+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted postgresql-11 11.16-0+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 14 May 2022 11:48:57 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=zv1A4U4reKqr4wcxWLuKTszl21yoDgLeh5Be/GTvVB4=; b=Z+u6A/JteC1EfKgekuqI3GM1gL 4n2bwC0WAw+CWz+uflUc3PCrmBHF1PYHgvJ2TAeyCYC2pa8b7kDRfdSaL04wyBSZ/FkvGB2KcEapR kyHehBmD3NEueMqmXjZINE8rVF7daJdNck8JV+pfUbIaV9cabXwliAc9MdLAl6PKwqth0HbrvXGS4 0BDb8HTY4OC0x1F04UfI6wQs++o5M5HrEkRWcCSAlkrDVrghn8P4wUlbP2sAKkcfiKSRu8ML14JBR A0bs9sQUYKfOg4tTOGdSEMf1evOcr1nhpwcDfIPZkjWmX7yN5CZTBU/JZDYiAsSK0YMEUbsgR+Nno OZg9XHFw==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1npqGX-0005s2-8r@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 11 May 2022 15:15:30 +0200
Source: postgresql-11
Architecture: source
Version: 11.16-0+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
postgresql-11 (11.16-0+deb10u1) buster-security; urgency=medium
.
* New upstream release.
.
* Confine additional operations within security restricted operation
sandboxes (Sergey Shinderuk, Noah Misch)
.
Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW,
and pg_amcheck activated the security restricted operation protection
mechanism too late, or even not at all in some code paths. A user having
permission to create non-temporary objects within a database could
define an object that would execute arbitrary SQL code with superuser
permissions the next time that autovacuum processed the object, or that
some superuser ran one of the affected commands against it.
.
The PostgreSQL Project thanks Alexander Lakhin for reporting this
problem. (CVE-2022-1552)
Checksums-Sha1:
60de28e354b62679eb537b6ca10d94d169ba9c1f 3745 postgresql-11_11.16-0+deb10u1.dsc
1363628af4edb0a36e68f7a9941294dbcd083715 20347100 postgresql-11_11.16.orig.tar.bz2
f3aa86b3b63c3282f91d21069bdfe438d742edb1 28300 postgresql-11_11.16-0+deb10u1.debian.tar.xz
Checksums-Sha256:
a5260ef4b2622d0c2c1ea8bcadade0c03824f5455fe2475db713edb80f522e5a 3745 postgresql-11_11.16-0+deb10u1.dsc
2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5 20347100 postgresql-11_11.16.orig.tar.bz2
7fcd14f517983bea39a6f97dcd99333e359be6c6f2985e12aa7ccf637c6c504b 28300 postgresql-11_11.16-0+deb10u1.debian.tar.xz
Files:
012f78e4426afb38af209953c235ba1d 3745 database optional postgresql-11_11.16-0+deb10u1.dsc
68ba8abe647f52503ae562755593e3df 20347100 database optional postgresql-11_11.16.orig.tar.bz2
472cceec9235f715b2859d663d0213ac 28300 database optional postgresql-11_11.16-0+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmJ7t50ACgkQTFprqxLS
p65cFRAAlTDhYVSn4rh94MFDnO6NnXVFh5QJBnx6y7Kl9Sc6QKMm/r+dAatUIv7f
jZ1CWfCT6R7QyRcOydfKpABFrZvXvKZYLZebB4DOEXIMWzizz+MSrzEHxtKWNdKX
TLgDPxnCK77bnlKJyHvduYqf3wPmNuEtne1I4vtP69XGlV2SWZP0dnCkXL0LndEB
lrJGM1MbmKzVVgw28Ad8zUJ9RkBvvDxjQmrRvzs5s46mpOMFuBjoKI2yx6yMvVPl
p/li9OyL44Mw4ODEPX0maEL6f+msnLS4ymv78I67AlpVE++MzAExhO+cBl3dE62k
LqKG60bZ+KwxqR4X999xwqhX47QAC4Amtyy4gIYwW5PA57718/0ctRH2cl+GqWCS
00LsWgj1rWqvjl/O71u4j6OdEMnU8YwEHEhJFRaJckVx19oIIDU7jQAYWtLbOv6G
vbaWEuaSxTclDL71E1QfUp8M20wn/dqfsjDXgyzv40fY0AoB5BjeFQxe7Qm3K9Jm
vX9dqx2HDkHnPKOqSt1Ka/AbJVCH4S1/MexyzsDiVoUuZlN6BzqaVBxOxL6AGQ97
bBucTHM/nSgJ6gnKNd2Oetrqdthjtwxz4tac5H04a7xC+0T3ybfnby2waYRHUJ1Y
79wy6uUNl6f8AWMsonA5RmZYzQ3QGxm5LT1LcNiiR77I+yUtlBA=
=DvXm
-----END PGP SIGNATURE-----