Accepted postgresql-16 16.1-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted postgresql-16 16.1-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 10 Nov 2023 16:51:01 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: postgresql-16_16.1-1_source.changes
- Debian-source: postgresql-16
- Debian-suite: unstable
- Debian-version: 16.1-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=zrPzP42tuvA6Zg6RAf/oqmkEtBB6Tcp8DqXwH2Q7i4Y=; b=nY0dERESyiEvLxtu7DAP+HPTwY 8FNOqWIA/a3qZnascbSwsuxDdbAA7/kJPBjs49xMX/jthHOi1XK2XJHgz3q2JwtzPTd/yQmZhLN5a 7McyZ5bsIfw+FPpIKXamWOyqNSzOaNnXOghGE2l219cp6k9V8NilG59LcYsvuJzqnuV+RGwpT9iGu ihUdjswKkCaXey42z+cAjR0dcYcoXrSCYoxVPfIEJaVy6itpx8BDG/mr2G49ZLm0lruB9T0dDYq5O OXv1t3MbhAI3r1ZhoUbMJRqJrcGKeW6UsUfv/peC0c4UjIxn2ODpOVsh8jqiKMi4Btw4H5ZDkF5Da NF+oGbEA==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1r1Uij-00EaiE-1D@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 07 Nov 2023 14:18:31 +0100
Source: postgresql-16
Architecture: source
Version: 16.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
postgresql-16 (16.1-1) unstable; urgency=medium
.
* New upstream version.
.
* Fix handling of unknown-type arguments in DISTINCT "any" aggregate
functions (Tom Lane)
.
This error led to a text-type value being interpreted as an unknown-type
value (that is, a zero-terminated string) at runtime. This could result
in disclosure of server memory following the text value.
.
The PostgreSQL Project thanks Jingzhou Fu for reporting this problem.
(CVE-2023-5868)
.
* Detect integer overflow while computing new array dimensions
(Tom Lane)
.
When assigning new elements to array subscripts that are outside the
current array bounds, an undetected integer overflow could occur in edge
cases. Memory stomps that are potentially exploitable for arbitrary
code execution are possible, and so is disclosure of server memory.
.
The PostgreSQL Project thanks Pedro Gallegos for reporting this problem.
(CVE-2023-5869)
.
* Prevent the pg_signal_backend role from signalling background workers
and autovacuum processes (Noah Misch, Jelte Fennema-Nio)
.
The documentation says that pg_signal_backend
cannot issue signals to superuser-owned processes. It was able to
signal these background processes, though, because they advertise a
role OID of zero. Treat that as indicating superuser ownership.
The security implications of cancelling one of these process types
are fairly small so far as the core code goes (we'll just start
another one), but extensions might add background workers that are
more vulnerable.
.
Also ensure that the is_superuser parameter is set correctly in such
processes. No specific security consequences are known for that
oversight, but it might be significant for some extensions.
.
The PostgreSQL Project thanks Hemanth Sandrana and Mahendrakar
Srinivasarao for reporting this problem. (CVE-2023-5870)
.
* Fix misbehavior during recursive page split in GiST index build
(Heikki Linnakangas)
.
Fix a case where the location of a page downlink was incorrectly
tracked, and introduce some logic to allow recovering from such
situations rather than silently doing the wrong thing. This error could
result in incorrect answers from subsequent index searches. It may be
advisable to reindex all GiST indexes after installing this update.
.
* Prevent de-duplication of btree index entries for interval columns
.
There are interval values that are distinguishable but compare equal,
for example 24:00:00 and 1 day. This breaks assumptions made by btree
de-duplication, so interval columns need to be excluded from
de-duplication. This oversight can cause incorrect results from
index-only scans. Moreover, after updating amcheck will report an error
for almost all such indexes. Users should reindex any btree indexes on
interval columns.
.
* Use default LLVM version; package is now compatible with LLVM 16.
* Rebase debian/patches/libpgport-pkglibdir.
Checksums-Sha1:
c1aa62591e1dc5914c17f49311cc90b2bbbe9ff0 4187 postgresql-16_16.1-1.dsc
7b335f3dbb9f566fa021f255650178b7c9642df2 24605482 postgresql-16_16.1.orig.tar.bz2
c7cce7fde3427a62be1421055edbc2bb12d28830 30640 postgresql-16_16.1-1.debian.tar.xz
Checksums-Sha256:
ca8f7b31e77c2ff09c6ded2c0964fcfd5a61a30b7bd865e9b6debd9c754910cf 4187 postgresql-16_16.1-1.dsc
ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec 24605482 postgresql-16_16.1.orig.tar.bz2
86eb655649921d52b6027e7fa40403ec44e743647962158df5a8c4ebf4ff5294 30640 postgresql-16_16.1-1.debian.tar.xz
Files:
f702e4c219a089f866deb7663aa53fbc 4187 database optional postgresql-16_16.1-1.dsc
9cbfb9076ed06384471802b850698a6d 24605482 database optional postgresql-16_16.1.orig.tar.bz2
58e7765249c5e263f7adda7a2ca8dd5e 30640 database optional postgresql-16_16.1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmVOXIYACgkQTFprqxLS
p64wnhAAszaUo1bvl16rW4JKFxD0QLvh4dix13X6HCUXOODsVcjab7rHIP1wlL+l
DFhCgK/6VeyWR6ajalYnovA4KMCPKdX1OiMjcGQPy5VIKKLnaQLoAtkXWGCf7jr3
WQfICi0IVYeDFqsoqBqKGXM/MA09J8jQBijERuqejS0SrHNq8d0Ch+C87MFvHHsg
GbByLGJUSqQCTlZWds/hIQANpYm8MVRwDd8/4PyoCtMX9y/8/PVBI5siIAgAIvk8
hKUyZkGEZkO+Lmt9TFCgskhSroDkDLuaANohlvGhKq5Gl567FUpR3FYLNWmNvByg
0k60gyf/mP7Mo8xF4HCoThB9ya3TtnuYuUvsL/oUgtl16TmQRB2/q872a1ysiJne
29sSV6wWuCLc7RjzOC/8rBUcoqhH+hgl+CzhP87QP8w+mX+84VUEinsehffsptup
PLNZqMMF2IQ5MGL6BDAbO4B7IcrVRLUkk/9z11g9ya2RrLrq+LNYAISqcmhr77mA
VZPm+HWIZGIoGv6Dyox5GdnapwipuLUwzplQDlXQY+vnuR3CFudvNaV8JRKNFJ94
NFN9fiFACI3iS1jJts490gpJKKKs6JUu7OJEjeq3BM9ht4pbwkU/u9IDvZLEl56j
AEVfAQ7Klw5tujFXFqEaJYtloO7Ut696PiJIcwN1F9yh0xO1FHY=
=J+JV
-----END PGP SIGNATURE-----