Bug#1111076: bookworm-pu: package postgresql-15/15.14-0+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: postgresql-15@packages.debian.org
Control: affects -1 + src:postgresql-15
User: release.debian.org@packages.debian.org
Usertags: pu
New postgresql-15 version with some CVEs that didn't warrant a DSA.
Christoph
diff --git a/debian/changelog b/debian/changelog
index 2a1794b..0d15f12 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,63 @@
+postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium
+
+ * New upstream version 15.14.
+
+ + Tighten security checks in planner estimation functions (Dean Rasheed)
+
+ The fix for CVE-2017-7484, plus followup fixes, intended to prevent
+ leaky functions from being applied to statistics data for columns that
+ the calling user does not have permission to read. Two gaps in that
+ protection have been found. One gap applies to partitioning and
+ inheritance hierarchies where RLS policies on the tables should restrict
+ access to statistics data, but did not.
+
+ The other gap applies to cases where the query accesses a table via a
+ view, and the view owner has permissions to read the underlying table
+ but the calling user does not have permissions on the view. The view
+ owner's permissions satisfied the security checks, and the leaky
+ function would get applied to the underlying table's statistics before
+ we check the calling user's permissions on the view. This has been
+ fixed by making security checks on views occur at the start of planning.
+ That might cause permissions failures to occur earlier than before.
+
+ The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
+ (CVE-2025-8713)
+
+ + Prevent pg_dump scripts from being used to attack the user running the
+ restore (Nathan Bossart)
+
+ Since dump/restore operations typically involve running SQL commands as
+ superuser, the target database installation must trust the source
+ server. However, it does not follow that the operating system user who
+ executes psql to perform the restore should have to trust the source
+ server. The risk here is that an attacker who has gained
+ superuser-level control over the source server might be able to cause it
+ to emit text that would be interpreted as psql meta-commands. That would
+ provide shell-level access to the restoring user's own account,
+ independently of access to the target database.
+
+ To provide a positive guarantee that this can't happen, extend psql with
+ a \restrict command that prevents execution of further meta-commands,
+ and teach pg_dump to issue that before any data coming from the source
+ server.
+
+ The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
+ RyotaK for reporting this problem. (CVE-2025-8714)
+
+ + Convert newlines to spaces in names included in comments in pg_dump
+ output (Noah Misch)
+
+ Object names containing newlines offered the ability to inject arbitrary
+ SQL commands into the output script. (Without the preceding fix,
+ injection of psql meta-commands would also be possible this way.)
+ CVE-2012-0868 fixed this class of problem at the time, but later work
+ reintroduced several cases.
+
+ The PostgreSQL Project thanks Noah Misch for reporting this problem.
+ (CVE-2025-8715)
+
+ -- Christoph Berg <myon@debian.org> Wed, 13 Aug 2025 20:13:29 +0200
+
postgresql-15 (15.13-0+deb12u1) bookworm; urgency=medium
* New upstream version 15.13.
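Review bot: In the new 15.14-0+deb12u1 entry, two items describe user-visible behaviour changes that are not called out as such for a stable update. The CVE-2025-8713 item says permission failures may now "occur earlier than before", and the CVE-2025-8714 item makes pg_dump emit a psql \restrict command before any data coming from the source server. Suggest adding a short note, in the upload request or a NEWS entry, that dump scripts now contain \restrict (so the psql used for the restore needs to know that command) and that security checks on views move to the start of planning, so the release team and admins can weigh the regression risk.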