Accepted postgresql-9.6 9.6.19-0+deb9u1 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 13 Aug 2020 10:32:13 +0200
Source: postgresql-9.6
Architecture: source
Version: 9.6.19-0+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-9.6 (9.6.19-0+deb9u1) stretch-security; urgency=medium
 .
   * New upstream version.
     + Make contrib modules' installation scripts more secure (Tom Lane)
 .
       Attacks similar to those described in CVE-2018-1058 could be carried out
       against an extension installation script, if the attacker can create
       objects in either the extension's target schema or the schema of some
       prerequisite extension.  Since extensions often require superuser
       privilege to install, this can open a path to obtaining superuser
       privilege.  To mitigate this risk, be more careful about the search_path
       used to run an installation script; disable check_function_bodies within
       the script; and fix catalog-adjustment queries used in some contrib
       modules to ensure they are secure.  Also provide documentation to help
       third-party extension authors make their installation scripts secure.
       This is not a complete solution; extensions that depend on other
       extensions can still be at risk if installed carelessly.
       (CVE-2020-14350)
Checksums-Sha1:
 fec48d20c7e39c59e0ccb4eccbc39e720129dbcb 3698 postgresql-9.6_9.6.19-0+deb9u1.dsc
 72cde73fffd187bbd2e6c1de6d473cf5578754d2 18880036 postgresql-9.6_9.6.19.orig.tar.bz2
 5ccba015e699624f7b83e65959c9d22e745aa0a1 30256 postgresql-9.6_9.6.19-0+deb9u1.debian.tar.xz
Checksums-Sha256:
 47d25e579a0ce6b10a0be91ccd7f7d932b7d6d50b78c288c62e78a0f52522a2a 3698 postgresql-9.6_9.6.19-0+deb9u1.dsc
 61f93a94ccddbe0b2d1afaf03f04ba605d8af5b774ff9b830e5adeb50ab55cb0 18880036 postgresql-9.6_9.6.19.orig.tar.bz2
 af121bdb428a6677c097068a2c4cded67aa30fa1fd08af58fcda44c2043a64cb 30256 postgresql-9.6_9.6.19-0+deb9u1.debian.tar.xz
Files:
 5112bab6e118b6bfb18d7cdeaaaeb258 3698 database optional postgresql-9.6_9.6.19-0+deb9u1.dsc
 96d5f5f8e78eea6cada9d2e02718cc28 18880036 database optional postgresql-9.6_9.6.19.orig.tar.bz2
 fb9b5e1beffac17a7c39797df4cd7b8a 30256 database optional postgresql-9.6_9.6.19-0+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----