Accepted postgresql-15 15.5-0+deb12u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted postgresql-15 15.5-0+deb12u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 30 Nov 2023 06:47:08 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: postgresql-15_15.5-0+deb12u1_source.changes
- Debian-source: postgresql-15
- Debian-suite: proposed-updates
- Debian-version: 15.5-0+deb12u1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1r8apI-005e5c-Cm@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 07 Nov 2023 14:36:06 +0100
Source: postgresql-15
Architecture: source
Version: 15.5-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
postgresql-15 (15.5-0+deb12u1) bookworm-security; urgency=medium
.
* New upstream version.
.
* Fix handling of unknown-type arguments in DISTINCT "any" aggregate
functions (Tom Lane)
.
This error led to a text-type value being interpreted as an unknown-type
value (that is, a zero-terminated string) at runtime. This could result
in disclosure of server memory following the text value.
.
The PostgreSQL Project thanks Jingzhou Fu for reporting this problem.
(CVE-2023-5868)
.
* Detect integer overflow while computing new array dimensions
(Tom Lane)
.
When assigning new elements to array subscripts that are outside the
current array bounds, an undetected integer overflow could occur in edge
cases. Memory stomps that are potentially exploitable for arbitrary
code execution are possible, and so is disclosure of server memory.
.
The PostgreSQL Project thanks Pedro Gallegos for reporting this problem.
(CVE-2023-5869)
.
* Prevent the pg_signal_backend role from signalling background workers
and autovacuum processes (Noah Misch, Jelte Fennema-Nio)
.
The documentation says that pg_signal_backend
cannot issue signals to superuser-owned processes. It was able to
signal these background processes, though, because they advertise a
role OID of zero. Treat that as indicating superuser ownership.
The security implications of cancelling one of these process types
are fairly small so far as the core code goes (we'll just start
another one), but extensions might add background workers that are
more vulnerable.
.
Also ensure that the is_superuser parameter is set correctly in such
processes. No specific security consequences are known for that
oversight, but it might be significant for some extensions.
.
The PostgreSQL Project thanks Hemanth Sandrana and Mahendrakar
Srinivasarao for reporting this problem. (CVE-2023-5870)
.
* Fix misbehavior during recursive page split in GiST index build
(Heikki Linnakangas)
.
Fix a case where the location of a page downlink was incorrectly
tracked, and introduce some logic to allow recovering from such
situations rather than silently doing the wrong thing. This error could
result in incorrect answers from subsequent index searches. It may be
advisable to reindex all GiST indexes after installing this update.
.
* Prevent de-duplication of btree index entries for interval columns
.
There are interval values that are distinguishable but compare equal,
for example 24:00:00 and 1 day. This breaks assumptions made by btree
de-duplication, so interval columns need to be excluded from
de-duplication. This oversight can cause incorrect results from
index-only scans. Moreover, after updating amcheck will report an error
for almost all such indexes. Users should reindex any btree indexes on
interval columns.
.
* Rebase debian/patches/libpgport-pkglibdir.
Checksums-Sha1:
ef17427ffeddaab1542ec9c193748bf16cf4fe9a 3919 postgresql-15_15.5-0+deb12u1.dsc
1688b684c181a3173a3f2b76a12e83c8371facc8 23091780 postgresql-15_15.5.orig.tar.bz2
e17713becc5f0e0e4d946507a75174985631c203 25052 postgresql-15_15.5-0+deb12u1.debian.tar.xz
Checksums-Sha256:
0375551ce7ba7e8f5242e59cb20b944adcc6826f78422f2a436be6e99725e666 3919 postgresql-15_15.5-0+deb12u1.dsc
8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 23091780 postgresql-15_15.5.orig.tar.bz2
0cfb11525046064ad795faab3b68e4b450f2fda314ae3fa6555a7178b4674dfb 25052 postgresql-15_15.5-0+deb12u1.debian.tar.xz
Files:
5491dd9c4196d9ca0d0b15a37b5417d0 3919 database optional postgresql-15_15.5-0+deb12u1.dsc
9a7d6515408ecb5823546d0a3d7b318c 23091780 database optional postgresql-15_15.5.orig.tar.bz2
ba01d1504baeea53362003a1b443d704 25052 database optional postgresql-15_15.5-0+deb12u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
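
The changelog above advises reindexing all GiST indexes and any btree indexes on interval columns after installing this update. The query below is an added example, not part of the original announcement or of PostgreSQL's own tooling; it lists those indexes from the system catalogs and assumes it is run in each database of a PostgreSQL 15 cluster by a role that may read the catalogs.

```sql
-- Added example: find the indexes the 15.5 changelog says should be rebuilt.
-- System catalogs are per-database, so run this once in every database.
SELECT
    n.nspname AS schema_name,
    c.relname AS table_name,
    i.relname AS index_name,
    am.amname AS access_method,
    CASE am.amname
        WHEN 'gist' THEN 'GiST index (recursive page split fix)'
        ELSE 'btree index on interval column (de-duplication fix)'
    END       AS reason,
    -- Generated statement only; review it before running.
    format('REINDEX INDEX CONCURRENTLY %I.%I;', n.nspname, i.relname)
              AS reindex_command
FROM pg_index x
JOIN pg_class     i  ON i.oid  = x.indexrelid
JOIN pg_class     c  ON c.oid  = x.indrelid
JOIN pg_namespace n  ON n.oid  = i.relnamespace
JOIN pg_am        am ON am.oid = i.relam
WHERE i.relkind = 'i'              -- real indexes; partitions are listed individually
  AND (
        am.amname = 'gist'
     OR (
          am.amname = 'btree'
          AND EXISTS (
              -- An index has its own pg_attribute rows, one per index column.
              -- Only key columns matter here (attnum <= indnkeyatts); this
              -- matches columns whose indexed type is exactly "interval".
              SELECT 1
              FROM pg_attribute a
              WHERE a.attrelid = x.indexrelid
                AND a.attnum  <= x.indnkeyatts
                AND a.atttypid = 'interval'::regtype
          )
        )
      )
ORDER BY schema_name, table_name, index_name;
```

Expression indexes that produce an interval value are included because the check uses the index's own column types, not the table's.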