Accepted postgresql-13 13.12-0+deb11u1 (source) into oldstable-proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted postgresql-13 13.12-0+deb11u1 (source) into oldstable-proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 12 Oct 2023 06:33:18 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: postgresql-13_13.12-0+deb11u1_source.changes
- Debian-source: postgresql-13
- Debian-suite: oldstable-proposed-updates
- Debian-version: 13.12-0+deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=fQgE5f3nhoMYF8bLzUFkRRCLf9Dk7UfiWzMYtd7S2fM=; b=CNMqXFJXaXk8w4CJSKp6KZLK9m CncgI6oRbZeORzJ7Gk8rmGZLQpi+NpJNMdr3aoIyopVcmcEZKke97QmPWAX03bB0ATtfgVS3JBvwY sOPo13r6Mb/quIIUPg3yqchISokobxooSWrbSXy/ZmkCrPm/rRhvN5BQaz4VInoITLUxJpnKk5Zmq x/f3yhvhyyO37JYuVv3i7y5bhvJjZ8YcQaC7wrlpqEexkz7cjSMMbQ6fJMCernziZ/IwbBch4hvpo JxIRQeFgAAMIpQv88/dLrFQdYpzKSjC9op2XfFcMxmS51tum/MROJHidnSDnZv4mkZH/QCeorfHsP d85ileVA==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qqpG2-002XlA-M3@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 01 Oct 2023 21:59:50 +0200
Source: postgresql-13
Architecture: source
Version: 13.12-0+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
postgresql-13 (13.12-0+deb11u1) bullseye; urgency=medium
.
* New upstream version.
.
+ Disallow substituting a schema or owner name into an extension script if
the name contains a quote, backslash, or dollar sign (Noah Misch)
.
This restriction guards against SQL-injection hazards for trusted
extensions.
.
The PostgreSQL Project thanks Micah Gate, Valerie Woolard, Tim
Carey-Smith, and Christoph Berg for reporting this problem.
(CVE-2023-39417)
Checksums-Sha1:
700d83b5fcfaa50ee224218365e32a57b4e00c26 3703 postgresql-13_13.12-0+deb11u1.dsc
42b97e5e04398d54c0ad70cf3df1b37bf6039891 21542293 postgresql-13_13.12.orig.tar.bz2
c80c12393048b762c9b3e5df3a65e422982e4423 30220 postgresql-13_13.12-0+deb11u1.debian.tar.xz
Checksums-Sha256:
c718caec1e74cf6092299b6891f17ee1cc99363693320e9a7b66d674a8c0793f 3703 postgresql-13_13.12-0+deb11u1.dsc
0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b 21542293 postgresql-13_13.12.orig.tar.bz2
6d79af2555654ff902f18bc3b4ad7b286336e9bc4e7a9c1ba7df5c3cf11428aa 30220 postgresql-13_13.12-0+deb11u1.debian.tar.xz
Files:
b8602b91ab9e5dc38bc098b03e615c29 3703 database optional postgresql-13_13.12-0+deb11u1.dsc
01c68c8f05a7e537977ee00e57110815 21542293 database optional postgresql-13_13.12.orig.tar.bz2
6d6f3c9064b1ee30bd11e9747baf0e1a 30220 database optional postgresql-13_13.12-0+deb11u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmUa3NcACgkQTFprqxLS
p64dsQ/+Ivs89wRsDRJSPvaHbOMpR07c5lIVZlwxS9tUBSpI5swm6+Y2meUhDVGE
jeHAshZipTPiyhHcj/Jh6YDhvljWxg9wDwI3aAhjqDz6jJyJyL58A+/Rne7/BXoc
fCEYj7zoyPMWvuMre6jEdlbuyi+TO3W3HudD8HkW5mJ7abfjxmMtklD0F0ojZaBQ
npzAv8DxTInp/9YTAhLQg+fs/FQK3tZ//XdG78QoqF7Ah0/gD6MP0Vm+3Z/i3OPh
Plhw4xaL4XB7H8DQv/MW/GbYMpwU3EROFizIJ1O/yV4Zdx++9XOPmYnOIq6tU6NF
/GAPaX6BjmZo2JYIoivj7OkWZSnrd0SSA4SkKxJinckeWaSrqhWdZ9V/w5kXsfmr
3yXauuvlGK/at8AcaYh4UBUwEUCUtOOLe/2oJwCYR+kxHsV2EHZibYX7jWuKuCcW
hkDEsKqr7HJxcMIV9kb9dBk5bmdF3IBs1zg/vEIBCfiw5yST6k5sFQC+CYbnSYDn
KdefCLiKQVd6sdjM8qHbWDQUgZHsC8DaxLsuWpCPjadqvOnvI9EY8I4pHfTYc6Cf
UJud1ztubZSNBBrgqKc0G4YQdH+42qtOyZ2Ic3bdsqhZ/3RGfaEDU2J5pGKwg3Sy
JUeR3Q2LUpqcqftqkkC+sQBGFLwy2gj3p4ggzhsrY8AI1jiLuC4=
=iZQu
-----END PGP SIGNATURE-----