Back to postgresql-14 PTS page

Accepted postgresql-14 14.3-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted postgresql-14 14.3-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 12 May 2022 13:49:16 +0000
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=Sq2YA9TAqkTYyhT/MMUECJ06wk7tuxdAJvgief+++Ic=; b=R/mEEB2xv07VS73FSMxtlP45bU qCy4mQIMFG44kG5pkmgLeRwSxYgEt8g4Goq36vjhuqI02vNZFXJgQTszSC6sGrv2peS1e2iaOpekg hLoDDTSfQzt/r4vdbo9MtFbtBMGGwLDCKRFUtsVOWMR8EUfzkL9lYw9O7I/wP45Dl5nqyYh9I0iHa 1/F2WPU038/XHqcY9IHt9CDnP0kL6HaLURunri+B2nP+U1HbtiyTdkBYkIEOapfIyZXYrQPLt575D Trh51/43OX0e4O7FrolNi+9OQxmkqelsuGUUjeG7YeFpt857VZTODE2L2CObWgHxysfsruLshz6En dCLrtpNA==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1np9Bs-0009FV-7N@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 10 May 2022 10:34:28 +0200
Source: postgresql-14
Architecture: source
Version: 14.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-14 (14.3-1) unstable; urgency=medium
 .
   * New upstream release.
 .
     * Confine additional operations within security restricted operation
       sandboxes (Sergey Shinderuk, Noah Misch)
 .
       Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW,
       and pg_amcheck activated the security restricted operation protection
       mechanism too late, or even not at all in some code paths. A user having
       permission to create non-temporary objects within a database could
       define an object that would execute arbitrary SQL code with superuser
       permissions the next time that autovacuum processed the object, or that
       some superuser ran one of the affected commands against it.
 .
       The PostgreSQL Project thanks Alexander Lakhin for reporting this
       problem. (CVE-2022-1552)
 .
     * Fix default signature length for gist_ltree_ops indexes
       (Tomas Vondra, Alexander Korotkov)
 .
       The default signature length (hash size) for GiST indexes on ltree
       columns was accidentally changed while upgrading that operator class to
       support operator class parameters. If any operations had been done on
       such an index without first upgrading the ltree extension to version
       1.2, they were done assuming that the signature length was 28 bytes
       rather than the intended 8.  This means it is very likely that such
       indexes are now corrupt.  For safety we recommend re-indexing all GiST
       indexes on ltree columns after installing this update.  (Note that GiST
       indexes on ltree[] columns, that is arrays of ltree, are not affected.)
Checksums-Sha1:
 fd433b3f00fbdc93c93d4e8dce4dbd7f59f0f4e9 3721 postgresql-14_14.3-1.dsc
 340987764769dd11873077cf81c46ba0a4fb63e6 22092190 postgresql-14_14.3.orig.tar.bz2
 f0693d5a5d51d04e841e41132975b0ff6ea636aa 24196 postgresql-14_14.3-1.debian.tar.xz
Checksums-Sha256:
 82be2d1913329283cd1dbd7d77c2ad5a16a5adfe7d5ee9cd4293f65514ecfb59 3721 postgresql-14_14.3-1.dsc
 279057368bf59a919c05ada8f95c5e04abb43e74b9a2a69c3d46a20e07a9af38 22092190 postgresql-14_14.3.orig.tar.bz2
 de46fc379bdc1cd9dc08be710c03b0da5b78ecb6c02a74763558a38d4c69a497 24196 postgresql-14_14.3-1.debian.tar.xz
Files:
 1aa52786e8b76bb19567490b1c0538fc 3721 database optional postgresql-14_14.3-1.dsc
 c83c28c774dd55b078f7dae0e30163be 22092190 database optional postgresql-14_14.3.orig.tar.bz2
 e4a37fe5c068dffc70f9108c154b724a 24196 database optional postgresql-14_14.3-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmJ7uUoACgkQTFprqxLS
p66XUQ//c8ouCGtQ2r8Z50gaVdZrzn3jQKDo5ieU1ruPuVFsE4++exscstWFVMey
1rQRf5YeQRRPaG+0IERNtt9A/iqJ7XOkY7lrWJsMIGQbw920FvWC7TkvE4rTywTp
Ars0tk6EbJ1brXgZhuDYN3KKkwP6p4IJDVZHNG+8HXk5CUxVnjTGJXPhzMFISkld
VLe6hB/wAQqQSi4m3zgduW8+I3SpRP8xfi3VBnfyAPhgH11ATBnEXqtysZu0l1Co
QMYX6O2D+gFClvDblRUJAjX/BOU7Mp/u8ySO9esvq2XBJWIIFczOL4OjrDrisjki
tgfxgT3z+w+gvz3N8FQ2/KSJpO/DNldYJaE/P1FY+sz70Mr/KoPXML0TL4cnuDRf
C8AJ8OB9FZSP37+rphDYmYDWpYtNsHeRmvg/twsQTY1+pFcLjQPsHJSE2ejzcXMp
Wzeo1iZhXhh9RuTyZZFKzWetss0REh16k7vh3mANngMNmOywUfgKBmlIY+h0tl5u
w92G+Vbcb84SmoZ6up7a+W6Sf+7j67YnTkvMy1njH1+ZuXLjIjuqhzs1NSpLh/Ll
V2H5Zdi4JaxPVW2edG7Bhha0XVeXY6Sfr9Y9VPSWYlCm3TI8oDDRZdo6crNUd/Qg
4KJQbHW9pGBR6+s4ZhC9/JAqQmxPngEO65doFRGbKDViUDbaO/s=
=YWa2
-----END PGP SIGNATURE-----