
Accepted postgresql-13 13.16-0+deb11u1 (source) into oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 07 Aug 2024 16:09:15 +0200
Source: postgresql-13
Architecture: source
Version: 13.16-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-13 (13.16-0+deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version.
 .
     + Prevent unauthorized code execution during pg_dump (Masahiko Sawada)
 .
       An attacker able to create and drop non-temporary objects could inject
       SQL code that would be executed by a concurrent pg_dump session with the
       privileges of the role running pg_dump (which is often a superuser).
       The attack involves replacing a sequence or similar object with a view
       or foreign table that will execute malicious code.  To prevent this,
       introduce a new server parameter restrict_nonsystem_relation_kind that
       can disable expansion of non-builtin views as well as access to foreign
       tables, and teach pg_dump to set it when available.  Note that the
       attack is prevented only if both pg_dump and the server it is dumping
       from are new enough to have this fix.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2024-7348)
Checksums-Sha1:
 32d573b94e33fbffbe8e1820d1ce38fd1eaf40e9 3703 postgresql-13_13.16-0+deb11u1.dsc
 a2465d5086abb2b2ff9115541cae404f869dfa0f 21639411 postgresql-13_13.16.orig.tar.bz2
 e8bdc30531b4382becf4d20965fa7e5d4255751b 35060 postgresql-13_13.16-0+deb11u1.debian.tar.xz
Checksums-Sha256:
 c1c95c213760880a6b86a38b95c27cc0559fc9db98955579eb95b7176ac9dc2e 3703 postgresql-13_13.16-0+deb11u1.dsc
 c9cbbb6129f02328204828066bb3785c00a85c8ca8fd329c2a8a53c1f5cd8865 21639411 postgresql-13_13.16.orig.tar.bz2
 8c68c86c19f783c4ea8ade14c56998c5843d4fbde004e4253604652a0d55efdf 35060 postgresql-13_13.16-0+deb11u1.debian.tar.xz
Files:
 74bf5b7191a6e2604dff8989deadd2ae 3703 database optional postgresql-13_13.16-0+deb11u1.dsc
 111a4b3e1a91aeb72097a9bfa4b3b7dc 21639411 database optional postgresql-13_13.16.orig.tar.bz2
 d4b09448f03432189260e18a50326f79 35060 database optional postgresql-13_13.16-0+deb11u1.debian.tar.xz
