Back to postgresql-16 PTS page

Accepted postgresql-16 16.3-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 May 2024 11:24:26 +0200
Source: postgresql-16
Architecture: source
Version: 16.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-16 (16.3-1) unstable; urgency=medium
 .
   * New upstream version.
 .
     + Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to
       the table owner (Nathan Bossart)
 .
       These views failed to hide statistics for expressions that involve
       columns the accessing user does not have permission to read.  View
       columns such as most_common_vals might expose security-relevant data.
       The potential interactions here are not fully clear, so in the interest
       of erring on the side of safety, make rows in these views visible only
       to the owner of the associated table.
 .
       The PostgreSQL Project thanks Lukas Fittl for reporting this problem.
       (CVE-2024-4317)
 .
       By itself, this fix will only fix the behavior in newly initdb'd
       database clusters.  If you wish to apply this change in an existing
       cluster, you will need to do the following:
 .
         In each database of the cluster, run the fix-CVE-2024-4317.sql script
         as superuser. In psql this would look like
           \i /usr/share/postgresql/16/fix-CVE-2024-4317.sql
         Any error probably indicates that you've used the wrong script
         version.  It will not hurt to run the script more than once.
 .
         Do not forget to include the template0 and template1 databases, or the
         vulnerability will still exist in databases you create later.  To fix
         template0, you'll need to temporarily make it accept connections.  Do
         that with
           ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;
         and then after fixing template0, undo it with
           ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
Checksums-Sha1:
 de3905e5e9f1c180158ac8cd4b66fedcdeb026d7 4237 postgresql-16_16.3-1.dsc
 35ffeb5cc46dc773dfcd1f270d65a29777994b3a 24737644 postgresql-16_16.3.orig.tar.bz2
 b4459d0393955465a6b9b2bf699cbd758acf2f5b 31856 postgresql-16_16.3-1.debian.tar.xz
Checksums-Sha256:
 e0e58b8ff4305155b99f510f95ed48bc163d7b686572e432e1074ae865e6ec21 4237 postgresql-16_16.3-1.dsc
 331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 24737644 postgresql-16_16.3.orig.tar.bz2
 fda53b9c8d539d0437b8ccd99b0b379bc5a068d87104b94150c0b9e538ee405f 31856 postgresql-16_16.3-1.debian.tar.xz
Files:
 6dbc019a26008944f733cc9ef17b2d7e 4237 database optional postgresql-16_16.3-1.dsc
 68448849f923db194a07b9da9cc70a7d 24737644 database optional postgresql-16_16.3.orig.tar.bz2
 4b03c096abb68ca98644aef4367e092e 31856 database optional postgresql-16_16.3-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmY86rAACgkQTFprqxLS
p65duA/+LeQOzSBrLxNb8iS4YFuxaFlLan18RjVlYj9bbI1vLb17CzzzA2QKQUL+
FJ3KFH7/yTS1z1JYOBY75wXhykPDY3EiPxJ5ZBh7G4ktDwOiqmnCJlhX3fuwJLe1
LVzco1KF04dpft0gpgTEvZBXEtCNJpNyVfx9PXZOcsJGrIToBk1tlIyP0RNSrjYq
YtsiZ8f+0VBp4sYZQWUePubSvFhnhVGSADxRntpov7aAMApmYn+d3/6ocXYcpcSl
UmG8C4Rbl1b5llqk2kUFTiDCDUd0i0USJABBYkq64a4RGh5NchI4GIGam6fsT9iJ
Dn15aAlhIK/J608u8fvC4qpZ/GY327o23jbY7E0l3z9dMjRFvNCNMUP/m3uXgkWA
+gXvlb6EAf4JBOSKNwWFs0gunJhVp8QAOI1NfQUdOqLOsekx+l383xdkqHyRtoCQ
4OXtUSYYMzS2qJ2P0Tn+KDfrnFdcX+ZtL5gX57KKhtECrgLSvEhrMxnLc51f2gSC
l/WCHoIk6XL8+kpFEvLzJWclE9v7NQ5KjP3Hi97wcNv3pbCwQJYX9/liBPzNE791
0s0oT4SlhZg4bHyELZBrwzYvtCnJub68oAF5Yzoz0mcTClwsAQXb6C+2tXcLy+is
R6/4Zsg09REzwPDN2jF9CfZ9+GKBHCEfzOfEHLHQp02wm+JmIB0=
=9o4/
-----END PGP SIGNATURE-----

Attachment: pgp1oeNNU3Mwy.pgp
Description: PGP signature