
Accepted postgresql-11 11.12-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 12 May 2021 16:42:10 +0200
Source: postgresql-11
Architecture: source
Version: 11.12-0+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-11 (11.12-0+deb10u1) buster-security; urgency=medium
 .
   * New upstream version.
 .
     + Prevent integer overflows in array subscripting calculations (Tom Lane)
 .
       The array code previously did not complain about cases where an array's
       lower bound plus length overflows an integer.  This resulted in later
       entries in the array becoming inaccessible (since their subscripts could
       not be written as integers), but more importantly it confused subsequent
       assignment operations.  This could lead to memory overwrites, with
       ensuing crashes or unwanted data modifications. (CVE-2021-32027)
 .
     + Fix mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE
       target lists (Tom Lane)
 .
       If the UPDATE list contains any multi-column sub-selects (which give
       rise to junk columns in addition to the results proper), the UPDATE path
       would end up storing tuples that include the values of the extra junk
       columns. That's fairly harmless in the short run, but if new columns are
       added to the table then the values would become accessible, possibly
       leading to malfunctions if they don't match the datatypes of the added
       columns.
 .
       In addition, in versions supporting cross-partition updates, a
       cross-partition update triggered by such a case had the reverse problem:
       the junk columns were removed from the target list, typically causing an
       immediate crash due to malfunction of the multi-column sub-select
       mechanism. (CVE-2021-32028)
 .
     + Fix possibly-incorrect computation of UPDATE ... RETURNING outputs for
       joined cross-partition updates (Amit Langote, Etsuro Fujita)
 .
       If an UPDATE for a partitioned table caused a row to be moved to another
       partition with a physically different row type (for example, one with a
       different set of dropped columns), computation of RETURNING results for
       that row could produce errors or wrong answers.  No error is observed
       unless the UPDATE involves other tables being joined to the target
       table. (CVE-2021-32029)
Checksums-Sha1:
 7bd49b50d5efac6148d280bdcc54fb715733b581 3745 postgresql-11_11.12-0+deb10u1.dsc
 4058af97fde72064c5fd18a508eda6a5526359df 20075485 postgresql-11_11.12.orig.tar.bz2
 f0fba10a41fcac64889eef7486a89b78c1c7e53f 27380 postgresql-11_11.12-0+deb10u1.debian.tar.xz
Checksums-Sha256:
 7c33b4631e3724ba947ae15bd63c995c12fc401fdd05645a33c4cd46bccb2c41 3745 postgresql-11_11.12-0+deb10u1.dsc
 87f9d8b16b2b8ef71586f2ec76beac844819f64734b07fa33986755c2f53cb04 20075485 postgresql-11_11.12.orig.tar.bz2
 14b775753a19adae79bf383b7feb06f0cb1e844ebbea295287f33e4d881b478d 27380 postgresql-11_11.12-0+deb10u1.debian.tar.xz
Files:
 6d2cb5e70582ec2e92fd01be9f58849e 3745 database optional postgresql-11_11.12-0+deb10u1.dsc
 3746c96a0e8f546f5503ef7b50abd2ff 20075485 database optional postgresql-11_11.12.orig.tar.bz2
 6b901d80a7f58d721d28a2ce07a77b02 27380 database optional postgresql-11_11.12-0+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
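
The CVE-2021-32027 entry above describes an array whose lower bound plus length overflows an integer. The following C sketch is an added example, not PostgreSQL's code and not part of the original message; it shows one way to reject such dimensions before any subscript arithmetic is done. The function name array_bounds_ok and the MAX_ELEMENTS cap are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed cap on the total element count; hypothetical value. */
#define MAX_ELEMENTS (INT_MAX / 8)

/*
 * Validate array dimensions up front.  lbound[i] is the lower bound and
 * len[i] the length of dimension i.  On success the total element count
 * is stored in *nitems and true is returned.
 */
bool array_bounds_ok(int ndim, const int *lbound, const int *len, int *nitems)
{
    long long total = 1;

    for (int i = 0; i < ndim; i++) {
        if (len[i] < 0)
            return false;
        /* Reject lbound + len > INT_MAX without performing the addition,
         * because signed overflow is undefined behaviour in C. */
        if (lbound[i] > INT_MAX - len[i])
            return false;
        /* total <= MAX_ELEMENTS here, so the product fits in long long. */
        total *= len[i];
        if (total > MAX_ELEMENTS)
            return false;
    }
    *nitems = (int) total;
    return true;
}

int main(void)
{
    /* Constructed sample dimensions (two-dimensional arrays). */
    int lb[][2]  = { {1, 1}, {INT_MAX - 4, 1}, {-5, 1}, {1, 1} };
    int len[][2] = { {10, 1}, {10, 1}, {3, 4}, {65536, 65536} };

    for (int c = 0; c < 4; c++) {
        int n = 0;
        bool ok = array_bounds_ok(2, lb[c], len[c], &n);
        printf("lb=%d len=%d, lb=%d len=%d: %s (%d items)\n",
               lb[c][0], len[c][0], lb[c][1], len[c][1],
               ok ? "accepted" : "rejected", n);
    }
    return 0;
}
```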

