Back to postgresql-15 PTS page

Accepted postgresql-15 15.4-0+deb12u1 (source) into proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 01 Oct 2023 21:50:06 +0200
Source: postgresql-15
Architecture: source
Version: 15.4-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-15 (15.4-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version.
 .
     + Disallow substituting a schema or owner name into an extension script if
       the name contains a quote, backslash, or dollar sign (Noah Misch)
       This restriction guards against SQL-injection hazards for trusted
       extensions.
       The PostgreSQL Project thanks Micah Gate, Valerie Woolard, Tim
       Carey-Smith, and Christoph Berg for reporting this problem.
       (CVE-2023-39417)
 .
     + Fix MERGE to enforce row security policies properly (Dean Rasheed)
       When MERGE performs an UPDATE action, it should enforce any UPDATE or
       SELECT RLS policies defined on the target table, to be consistent with
       the way that a plain UPDATE with a WHERE clause works.  Instead it was
       enforcing INSERT RLS policies for both INSERT and UPDATE actions.
       In addition, when MERGE performs a DO NOTHING action, it applied the
       target table's DELETE RLS policies to existing rows, even though those
       rows are not being deleted.  While it's not a security problem, this
       could result in unwanted errors.
       The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
       (CVE-2023-39418)
Checksums-Sha1:
 283d957c3c2c32d2ff80f8643c0c876d031d28a4 3919 postgresql-15_15.4-0+deb12u1.dsc
 9024e68120af0f033d3331c7f298af5a7b2e2bce 22850355 postgresql-15_15.4.orig.tar.bz2
 8eeab041a0468b65e363d56e1871a52f82387a42 24052 postgresql-15_15.4-0+deb12u1.debian.tar.xz
Checksums-Sha256:
 a3c9f2258edbc09878698090467593df81f040aaf90bc623a0475b80a2bf3396 3919 postgresql-15_15.4-0+deb12u1.dsc
 baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 22850355 postgresql-15_15.4.orig.tar.bz2
 a3e9a415cdb637e607d50a18603b2611fe80d6a5b3bff12860900a007c60654e 24052 postgresql-15_15.4-0+deb12u1.debian.tar.xz
Files:
 969ac369421d54a355b6d93f2c198fb5 3919 database optional postgresql-15_15.4-0+deb12u1.dsc
 f2f861fb99d742cb9c2f8aa46a8a947d 22850355 database optional postgresql-15_15.4.orig.tar.bz2
 c4fe85144ffd53381d5561c684a85e70 24052 database optional postgresql-15_15.4-0+deb12u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmUZz1MACgkQTFprqxLS
p65aMQ/8CKoxgDbtFAT8S2ACve0gOtTQM4pyNjk4Mp4wQyWDgxGXayIps/M8DsTG
Ee6we1B+ZuD/8LrqmbY4/rbyVO0fUjpjLDxzfHmIVLq/5i/Cqc2iGQ55Pad+TPJ+
rK9Wj/syaIDq9b9D7pHNLaQVSuFLqGTCJqBmtfCMG0lMngFtYYRQh9m0TDqPG5ne
SbjCBjBjsBtawkxUP+hJNtV/t3zfA2qDkSOy12YFmPoj9kQVcXh3RsLvXCwhuY/s
IstC8ruZbCBpIM3RF7UbolMURv2TIGm/9ggPwWCxFUReiCIXdKr+vXNomgHNfgt1
maPWyZp6H3v1M3f838PEpkpKcaEEOfNdIT31bnIhkWNoSzzseyc82d8sfl8qXO5B
9QMenLUAXScRM8wEQJuWDPIzrjwRKjcpvrqHtqzLXLCNK6JYoYOjaC/2w3PpEkd3
7T4DNS0bwIsUU01CLlSt/8NofEbHC06ow6rVzKtnFjqStfoBoP+ShmRN3KQDVbOt
JYrAhjkvJudCAEqBVfTgfKyifHpxR9ohPodky9eMox/+2M8s0oYswXcoE0Jkdr7K
THbMkF+d/MbNHBCTw5z+vBqw6EtnyJrOzuaEYzU5K2jJRe9crgtSRLt8PvVFTx62
E+6eFp29S5B0own25bAnwrjL2KYfRHxpXGQoB5eNcg3pej39F28=
=izG4
-----END PGP SIGNATURE-----