Accepted postgresql-11 11.21-0+deb10u1 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted postgresql-11 11.21-0+deb10u1 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 01 Oct 2023 20:20:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: postgresql-11_11.21-0+deb10u1_source.changes
- Debian-source: postgresql-11
- Debian-suite: oldoldstable
- Debian-version: 11.21-0+deb10u1
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qn2vL-002Jic-V8@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 01 Oct 2023 22:05:23 +0200
Source: postgresql-11
Architecture: source
Version: 11.21-0+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
postgresql-11 (11.21-0+deb10u1) buster-security; urgency=medium
.
  * New upstream version.
.
    + Prevent CREATE SCHEMA from defeating changes in search_path
      (Report and fix by Alexander Lakhin, CVE-2023-2454)
      Within a CREATE SCHEMA command, objects in the prevailing search_path,
      as well as those in the newly-created schema, would be visible even
      within a called function or script that attempted to set a secure
      search_path. This could allow any user having permission to create a
      schema to hijack the privileges of a security definer function or
      extension script.
.
    + Enforce row-level security policies correctly after inlining a
      set-returning function (Report by Wolfgang Walther, CVE-2023-2455)
      If a set-returning SQL-language function refers to a table having
      row-level security policies, and it can be inlined into a calling query,
      those RLS policies would not get enforced properly in some cases
      involving re-using a cached plan under a different role. This could
      allow a user to see or modify rows that should have been invisible.
Checksums-Sha1:
291949a46a041f8aec0e828f20b70feaaafe1879 3745 postgresql-11_11.21-0+deb10u1.dsc
e69ac7e167d1380d04b28b5bd4fd8cb3d3465a9f 20467892 postgresql-11_11.21.orig.tar.bz2
4523634954b4a11354de5645bf7e9aa615ae8f20 29064 postgresql-11_11.21-0+deb10u1.debian.tar.xz
Checksums-Sha256:
8589b7778525d6052b51d4aaae5ae70a456921d63e7d2ddb5dde967712823398 3745 postgresql-11_11.21-0+deb10u1.dsc
07b0837471d5dd77b25166b34718f3ba10816b6ad61e691e6fc547cf3fcff850 20467892 postgresql-11_11.21.orig.tar.bz2
34fa8ee7d620d8940c179efba6a3d0be799ab77f009dd37cfb95237099d5d1bc 29064 postgresql-11_11.21-0+deb10u1.debian.tar.xz
Files:
b3aa4aa93ad7cbca82de7f31f6fa0037 3745 database optional postgresql-11_11.21-0+deb10u1.dsc
8d0c4236a5879bd3a988d024607cb5c7 20467892 database optional postgresql-11_11.21.orig.tar.bz2
6628a833fe4b2045d04ca487cf8a3633 29064 database optional postgresql-11_11.21-0+deb10u1.debian.tar.xz