• Accepted postgresql-13 13.16-0+deb11u1 (source) into oldstable-proposed

    From Debian FTP Masters@21:1/5 to All on Sat Aug 10 19:40:01 2024

    Format: 1.8
    Date: Wed, 07 Aug 2024 16:09:15 +0200
    Source: postgresql-13
    Architecture: source
    Version: 13.16-0+deb11u1
    Distribution: bullseye-security
    Urgency: medium
    Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
    Changed-By: Christoph Berg <myon@debian.org>
    Changes:
    postgresql-13 (13.16-0+deb11u1) bullseye-security; urgency=medium
    .
    * New upstream version.
    .
    + Prevent unauthorized code execution during pg_dump (Masahiko Sawada)
    .
    An attacker able to create and drop non-temporary objects could inject
    SQL code that would be executed by a concurrent pg_dump session with the
    privileges of the role running pg_dump (which is often a superuser).
    The attack involves replacing a sequence or similar object with a view
    or foreign table that will execute malicious code. To prevent this,
    introduce a new server parameter restrict_nonsystem_relation_kind that
    can disable expansion of non-builtin views as well as access to foreign
    tables, and teach pg_dump to set it when available. Note that the
    attack is prevented only if both pg_dump and the server it is dumping
    from are new enough to have this fix.
    .
    The PostgreSQL Project thanks Noah Misch for reporting this problem.
    (CVE-2024-7348)
    Checksums-Sha1:
    32d573b94e33fbffbe8e1820d1ce38fd1eaf40e9 3703 postgresql-13_13.16-0+deb11u1.dsc
    a2465d5086abb2b2ff9115541cae404f869dfa0f 21639411 postgresql-13_13.16.orig.tar.bz2
    e8bdc30531b4382becf4d20965fa7e5d4255751b 35060 postgresql-13_13.16-0+deb11u1.debian.tar.xz
    Checksums-Sha256:
    c1c95c213760880a6b86a38b95c27cc0559fc9db98955579eb95b7176ac9dc2e 3703 postgresql-13_13.16-0+deb11u1.dsc
    c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 21639411 postgresql-13_13.16.orig.tar.bz2
    8c68c86c19f783c4ea8ade14c56998c5843d4fbde004e4253604652a0d55efdf 35060 postgresql-13_13.16-0+deb11u1.debian.tar.xz
    Files:
    74bf5b7191a6e2604dff8989deadd2ae 3703 database optional postgresql-13_13.16-0+deb11u1.dsc
    111a4b3e1a91aeb72097a9bfa4b3b7dc 21639411 database optional postgresql-13_13.16.orig.tar.bz2
    d4b09448f03432189260e18a50326f79 35060 database optional postgresql-13_13.16-0+deb11u1.debian.tar.xz

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)