Accepted postgresql-15 15.3-0+deb12u1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted postgresql-15 15.3-0+deb12u1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 11 May 2023 19:21:02 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: postgresql-15_15.3-0+deb12u1_source.changes
- Debian-source: postgresql-15
- Debian-suite: unstable
- Debian-version: 15.3-0+deb12u1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pxBqY-00AoDJ-4c@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 09 May 2023 19:05:02 +0200
Source: postgresql-15
Architecture: source
Version: 15.3-0+deb12u1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-15 (15.3-0+deb12u1) unstable; urgency=medium
 .
   * New upstream version.
 .
     + Prevent CREATE SCHEMA from defeating changes in search_path
       (Report and fix by Alexander Lakhin, CVE-2023-2454)
 .
       Within a CREATE SCHEMA command, objects in the prevailing search_path,
       as well as those in the newly-created schema, would be visible even
       within a called function or script that attempted to set a secure
       search_path. This could allow any user having permission to create a
       schema to hijack the privileges of a security definer function or
       extension script.
 .
     + Enforce row-level security policies correctly after inlining a
       set-returning function (Report by Wolfgang Walther, CVE-2023-2455)
 .
       If a set-returning SQL-language function refers to a table having
       row-level security policies, and it can be inlined into a calling query,
       those RLS policies would not get enforced properly in some cases
       involving re-using a cached plan under a different role. This could
       allow a user to see or modify rows that should have been invisible.
Checksums-Sha1:
f8d1b2b733408a97fcca537aa37c3c3d2215bc1c 3919 postgresql-15_15.3-0+deb12u1.dsc
f04aa7a548a9c86374ad17a61ee62a8e7ee80728 23600 postgresql-15_15.3-0+deb12u1.debian.tar.xz
Checksums-Sha256:
d57bfa81859ffb3156a6bf9c626830e9b732726a17448ff44c1696370933965e 3919 postgresql-15_15.3-0+deb12u1.dsc
a3d5dc516cccc5a32a68a5779ae885e159ed19cb38ebca4c235c0f33befd37ed 23600 postgresql-15_15.3-0+deb12u1.debian.tar.xz
Files:
7489c66d1420a2614c98f16d6cbc44d8 3919 database optional postgresql-15_15.3-0+deb12u1.dsc
da2b3d230298be30e2930d8eb8f16975 23600 database optional postgresql-15_15.3-0+deb12u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----