[SECURITY] [DLA 3954-2] postgresql-13 - regression update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3954-2 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucariès
November 21, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : postgresql-13
Version : 13.18-0+deb11u1
CVE ID : CVE-2024-10978
The fix for CVE-2024-10978 accidentally caused settings for role to not
be applied if they come from non-interactive sources, including previous
ALTER {ROLE|DATABASE} commands and the PGOPTIONS environment variable.
For Debian 11 bullseye, this problem has been fixed in version
13.18-0+deb11u1.
We recommend that you upgrade your postgresql-13 packages.
For the detailed security status of postgresql-13 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-13
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmc/jngACgkQADoaLapB
CF/hnxAApELPMyQIMj5G9TM45vQYJyPBYCvohzhc5xBszqtj74T859vFkIw2mp+k
7apmHcedxBjk1RZeeHaKBHnbaOduzD6j0j1DptVMK5NVnoqd3/uys/5qnyeERjto
4ZKQXSfZzhglYFM4MVwe71ys3L42iXCMq7VlmmFPHKKo+Vo4TnU3hkMG9bjP+rt9
x9SDYtIRO9vdV28GJruwVvGMLgTpH/IO/IyphhJq60PrfD3VFCFldhZYZ9aLVXc9
NSC3Aujpbsm+hNnddNk9Y+YZha3BHsf+sJQppRCCSh7FpJvi+pZpOZ7Lk+Fmh0B8
EFqRH9HQRsZOunXHXgmgvf5G8Be3/xeJpaX2QRKSdP7bLG+IZM6mdfIW5C/DOJ1f
wMU6nC/8Hav+FJa9UCUSMzSXDetXsZxvhpPApktVdlAhp8RNY3eTYXITwtoEhE64
rSsXc1Yo8StykDRs61PtAyFUPPmflyjFPtkTwub8bbxvRw97R2InuSpsd7b+cECd
piPld6bJRIZ69bUHUbvZYR8qivyc7IQVHZMx3/N/qdPQhbRs72o8GoKY2+a4muPi
1Z6sH5NqbvpbdyLJZfO0GOHwRIQ9P+AfhrQVqrce0bfCQ6js9GJ2P1llU/zkG6kz
hHgqx1VOIUAm+30YNeDM/V1KPzifaTgrOEAAYuVkgA7O4NKRyPk=
=QEnf
-----END PGP SIGNATURE-----
Reply to: