Back to postgresql-15 PTS page

Accepted postgresql-15 15.7-0+deb12u1 (source) into proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 May 2024 11:24:26 +0200
Source: postgresql-15
Architecture: source
Version: 15.7-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-15 (15.7-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version.
 .
     + Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to
       the table owner (Nathan Bossart)
 .
       These views failed to hide statistics for expressions that involve
       columns the accessing user does not have permission to read.  View
       columns such as most_common_vals might expose security-relevant data.
       The potential interactions here are not fully clear, so in the interest
       of erring on the side of safety, make rows in these views visible only
       to the owner of the associated table.
 .
       The PostgreSQL Project thanks Lukas Fittl for reporting this problem.
       (CVE-2024-4317)
 .
       By itself, this fix will only fix the behavior in newly initdb'd
       database clusters.  If you wish to apply this change in an existing
       cluster, you will need to do the following:
 .
         In each database of the cluster, run the fix-CVE-2024-4317.sql script
         as superuser. In psql this would look like
           \i /usr/share/postgresql/15/fix-CVE-2024-4317.sql
         Any error probably indicates that you've used the wrong script
         version.  It will not hurt to run the script more than once.
 .
         Do not forget to include the template0 and template1 databases, or the
         vulnerability will still exist in databases you create later.  To fix
         template0, you'll need to temporarily make it accept connections.  Do
         that with
           ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;
         and then after fixing template0, undo it with
           ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
Checksums-Sha1:
 738f7799a5517dad48a8f33f2c0a13079d906c65 3919 postgresql-15_15.7-0+deb12u1.dsc
 19ba3004c650c32bb803d5b3f56c0446585c8fb3 23112318 postgresql-15_15.7.orig.tar.bz2
 80cae382f818dc88765d4c0fcb943c62faf78198 25824 postgresql-15_15.7-0+deb12u1.debian.tar.xz
Checksums-Sha256:
 57f0e1a9dd1bcaced27b76163cdf3477258145a68dc81f7ed87db8263a3ca4ac 3919 postgresql-15_15.7-0+deb12u1.dsc
 a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 23112318 postgresql-15_15.7.orig.tar.bz2
 2ffc0fd608d71ab8b2bd0cd00c6f870e3f73a31b64659e5b5555ac0c0e1cb697 25824 postgresql-15_15.7-0+deb12u1.debian.tar.xz
Files:
 aa0e842941f2ed2c5e4abf610729dd7a 3919 database optional postgresql-15_15.7-0+deb12u1.dsc
 d0a59b6d7a64075deca08dbf44f58d35 23112318 database optional postgresql-15_15.7.orig.tar.bz2
 c6b0fc037eba0ca6564696d8f6ef8b28 25824 database optional postgresql-15_15.7-0+deb12u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmY9IJ0ACgkQTFprqxLS
p67b+w/+P2pW0cNJp0af7xie1hxDS43sJjX91KYJMUBJmSkqEszSvhFhmxzYPu5s
U20IJsG4m4ZdgBWbKGafdO7ni0WajelwLECdnpEgD/syI8euNhCBnrSxGxom2OCk
OWOr0KOerwUJ0vK81u7E5Mq0dqd8uVxwnESRNKhC1V9C6QnbJ4cuycBCARHWFH8f
EuTLucecs7OzCwpo25tx+PooP9fFwLHG9GgxFAZfEbrsD6+JN5XjrK6po1VHu4fU
y+kVWVW9K7AweCXH0MDh3HSAK+iISouz04Mn2Z2Fp0Lj1fSyMhvIp4tprxWAZaN4
4ui9U9bq7aW4cYmCpSRr9y0na0mFSKijUgcxTwdElOiAwqvFnD8wmCfWlTnY+W5d
gRb3B73q1Y+DmXuN6J0DZsyQf0/NOTLkz1TqAWXhAEVg5FrZiQ74z+RyVkGNPB4l
9KKVxJX5V4hKRP7bfhkvvTui7rBzPxaRVDVfaJdhpbzst5fwK2yPTWeZleiTM4Gs
I5Ho6tKcl9+ys/BqleOOjZofev3+WIZMkSTBIjZW8GD3g6u02MRwpCaCcpNb4u5G
BJxB81bIT6ERxl6mFQymB2b/fm2EFNpcTjh1rrf0wz3ajwV1pWkr6EPzR6cVJiX1
5JiCpoXKBEXWI5YMhSJ9ZU16/dGllR2R2e9FYGeSSrA+3t5ckKA=
=zeS5
-----END PGP SIGNATURE-----

Attachment: pgpxGFfkeQm8n.pgp
Description: PGP signature