Accepted postgresql-15 15.4-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted postgresql-15 15.4-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 10 Aug 2023 12:38:00 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: postgresql-15_15.4-1_source.changes
- Debian-source: postgresql-15
- Debian-suite: unstable
- Debian-version: 15.4-1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qU4vQ-001opV-3E@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 08 Aug 2023 10:10:20 +0200
Source: postgresql-15
Architecture: source
Version: 15.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
postgresql-15 (15.4-1) unstable; urgency=medium
.
* New upstream version.
.
+ Disallow substituting a schema or owner name into an extension script if
the name contains a quote, backslash, or dollar sign (Noah Misch)
.
This restriction guards against SQL-injection hazards for trusted
extensions.
.
The PostgreSQL Project thanks Micah Gate, Valerie Woolard, Tim
Carey-Smith, and Christoph Berg for reporting this problem.
(CVE-2023-39417)
.
+ Fix MERGE to enforce row security policies properly (Dean Rasheed)
.
When MERGE performs an UPDATE action, it should enforce any UPDATE or
SELECT RLS policies defined on the target table, to be consistent with
the way that a plain UPDATE with a WHERE clause works. Instead it was
enforcing INSERT RLS policies for both INSERT and UPDATE actions.
.
In addition, when MERGE performs a DO NOTHING action, it applied the
target table's DELETE RLS policies to existing rows, even though those
rows are not being deleted. While it's not a security problem, this
could result in unwanted errors.
.
The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
(CVE-2023-39418)
.
* Test-Depend on tzdata-legacy | tzdata (<< 2023c-8).
Checksums-Sha1:
0cf97fc31a83276addc2ec2c6359940e5d6f9e96 3965 postgresql-15_15.4-1.dsc
9024e68120af0f033d3331c7f298af5a7b2e2bce 22850355 postgresql-15_15.4.orig.tar.bz2
235d84eb1635cbcd21fb28a317e32539fe466274 25160 postgresql-15_15.4-1.debian.tar.xz
Checksums-Sha256:
2b4efdfd5d2a90af878b034cb3a7dbd198465759a0f4826e285f54b99f6f5e5d 3965 postgresql-15_15.4-1.dsc
baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 22850355 postgresql-15_15.4.orig.tar.bz2
a70d90764e75f6df949ef834aef7af294881ef996d9a7e47a4fe61a464f0c732 25160 postgresql-15_15.4-1.debian.tar.xz
Files:
6fea07d9187a4395b76034b7de97969f 3965 database optional postgresql-15_15.4-1.dsc
f2f861fb99d742cb9c2f8aa46a8a947d 22850355 database optional postgresql-15_15.4.orig.tar.bz2
755663bcf159c57865be06ef63dcc2bb 25160 database optional postgresql-15_15.4-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----