changes_fields:
Architecture: amd64 all
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6
libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym
postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym
postgresql-doc-15 postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15
postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym
postgresql-server-dev-15
Changed-By: Christoph Berg <myon@debian.org>
Changes: |2-
postgresql-15 (15.8-0+deb12u1) bookworm-security; urgency=medium
.
* New upstream version.
.
+ Prevent unauthorized code execution during pg_dump (Masahiko Sawada)
.
An attacker able to create and drop non-temporary objects could inject
SQL code that would be executed by a concurrent pg_dump session with the
privileges of the role running pg_dump (which is often a superuser).
The attack involves replacing a sequence or similar object with a view
or foreign table that will execute malicious code. To prevent this,
introduce a new server parameter restrict_nonsystem_relation_kind that
can disable expansion of non-builtin views as well as access to foreign
tables, and teach pg_dump to set it when available. Note that the
attack is prevented only if both pg_dump and the server it is dumping
from are new enough to have this fix.
.
The PostgreSQL Project thanks Noah Misch for reporting this problem.
(CVE-2024-7348)
.
* Refresh debian/patches/focal-arm64-outline-atomics.
Checksums-Sha1:
- name: libecpg-compat3-dbgsym_15.8-0+deb12u1_amd64.deb
sha1: 9f939a1c1a315a7d61e17703befbff125f227ab3
size: '38108'
- name: libecpg-compat3_15.8-0+deb12u1_amd64.deb
sha1: 76938d2a24110f35daa1353bca0921b625b77bfa
size: '22576'
- name: libecpg-dev-dbgsym_15.8-0+deb12u1_amd64.deb
sha1: 8c530b5de6e2b3eb4acb224f8fbf1c1072824a41
size: '280884'
- name: libecpg-dev_15.8-0+deb12u1_amd64.deb
sha1: 6862fb7da46cb80dc8a82cdee0e565c4b650d784
size: '295392'
- name: libecpg6-dbgsym_15.8-0+deb12u1_amd64.deb
sha1: d733e6be988a237679ce48be78690a7b863cc3c2
size: '113160'
- name: libecpg6_15.8-0+deb12u1_amd64.deb
sha1: 09cab1289a60818b8afdc0632d1f2ad2b6ebfb2e
size: '60672'
- name: libpgtypes3-dbgsym_15.8-0+deb12u1_amd64.deb
sha1: 90844f6c11aee5153eeee92893caad1e4d7016c9
size: '88324'
- name: libpgtypes3_15.8-0+deb12u1_amd64.deb
sha1: 12b1f75a75e5740c18d6dd9b78221c550854e4c1
size: '44264'
- name: libpq-dev_15.8-0+deb12u1_amd64.deb
sha1: 5ea4e70d99dad5213f30e6a1444ae6d7c77d51d4
size: '143764'
- name: libpq5-dbgsym_15.8-0+deb12u1_amd64.deb
sha1: c9ba739ec24687d034bf87b771f8ff974ed896a6
size: '277124'
- name: libpq5_15.8-0+deb12u1_amd64.deb
sha1: 91f5daa17d6780fb653a7e4346ea68094f49ecc9
size: '188308'
- name: postgresql-15-dbgsym_15.8-0+deb12u1_amd64.deb
sha1: 723b9c5d7741dd63d97b15e23dc58792b7d73c4e
size: '16883336'
- name: postgresql-15_15.8-0+deb12u1_amd64.buildinfo
sha1: 18422687b0c8732e691247a40817f611320b4586
size: '16568'
- name: postgresql-15_15.8-0+deb12u1_amd64.deb
sha1: 287e50fcfea93283405a2fb8d6ff8de05e9ca6a9
size: '16801768'
- name: postgresql-client-15-dbgsym_15.8-0+deb12u1_amd64.deb
sha1: db1d895e58d06367f86bb90461aeb67507ce750c
size: '2420168'
- name: postgresql-client-15_15.8-0+deb12u1_amd64.deb
sha1: ec41111402c38f60104d4fa9b6175637e41ecf36
size: '1701264'
- name: postgresql-doc-15_15.8-0+deb12u1_all.deb
sha1: 9e7a4fe7e15b9240a486b3aa93b7a6d1cc50948f
size: '2043012'
- name: postgresql-plperl-15-dbgsym_15.8-0+deb12u1_amd64.deb
sha1: 9adf2020e98db40ce030e0dbebec9239b1c3054c
size: '186756'
- name: postgresql-plperl-15_15.8-0+deb12u1_amd64.deb
sha1: f2e456590bf813f62b3c6a3defd7d7734b426be4
size: '89584'
- name: postgresql-plpython3-15-dbgsym_15.8-0+deb12u1_amd64.deb
sha1: babe0f385434b2dae39c028c2918b9efb6141673
size: '178368'
- name: postgresql-plpython3-15_15.8-0+deb12u1_amd64.deb
sha1: 1df49b7079bfa68841ecb55cd77761cd98595fb9
size: '110992'
- name: postgresql-pltcl-15-dbgsym_15.8-0+deb12u1_amd64.deb
sha1: 00e0a6242aa7185e47d561e58b88b8196f904119
size: '79580'
- name: postgresql-pltcl-15_15.8-0+deb12u1_amd64.deb
sha1: 790639478518fa87d38bdc445d70ba0c124ea159
size: '41688'
- name: postgresql-server-dev-15_15.8-0+deb12u1_amd64.deb
sha1: ac316f6b54a94dd089fa55b46b042ea244ca898d
size: '1143564'
Checksums-Sha256:
- name: libecpg-compat3-dbgsym_15.8-0+deb12u1_amd64.deb
sha256: cd786d5e984948995e398fe42cc390ec087d4b945a269377651e14c7648b7e39
size: '38108'
- name: libecpg-compat3_15.8-0+deb12u1_amd64.deb
sha256: e0147f9cec8e3e47e49dada8d61d17b85d308e09243deda1026008577c94c6dd
size: '22576'
- name: libecpg-dev-dbgsym_15.8-0+deb12u1_amd64.deb
sha256: cbe20eca71f1f556eab234295069251f334ab25ae31d3fcde926ba585a3386e6
size: '280884'
- name: libecpg-dev_15.8-0+deb12u1_amd64.deb
sha256: eb5a19272b885b31edea1086277efa8714b3f5eab6da93544ae0667e6a9e043d
size: '295392'
- name: libecpg6-dbgsym_15.8-0+deb12u1_amd64.deb
sha256: 9fc77e921abc466fb45ff01171017bcee5aaaee4cf5df10ed961a5d26174e5f9
size: '113160'
- name: libecpg6_15.8-0+deb12u1_amd64.deb
sha256: 9b36508135c6297f0186878ed38a469a7c2a4be41370a0f84ec7b52b866fa06d
size: '60672'
- name: libpgtypes3-dbgsym_15.8-0+deb12u1_amd64.deb
sha256: 8c0666569b0aa0a61482c4faf75aae32e2e8c0905db2b1681b18c127ea5c514f
size: '88324'
- name: libpgtypes3_15.8-0+deb12u1_amd64.deb
sha256: 47580186218910f0f366619dc72d020dad268a2317d9152f5d68a2661c248d2c
size: '44264'
- name: libpq-dev_15.8-0+deb12u1_amd64.deb
sha256: d412a5b703076456955b73825606f00a31a56858961ecbfd2b99597d43e36365
size: '143764'
- name: libpq5-dbgsym_15.8-0+deb12u1_amd64.deb
sha256: 0b9f3a36c54556f4c573d609c558bd6cf3ea16f1d96b6f4e11eb7ed8c25a7058
size: '277124'
- name: libpq5_15.8-0+deb12u1_amd64.deb
sha256: 22375713de4c05255fcb4d7285b0fd02b3e645f3dad61261cbd5010cd84bd9de
size: '188308'
- name: postgresql-15-dbgsym_15.8-0+deb12u1_amd64.deb
sha256: cae3b76054f6d3d9fd2b50aa6cf110f3184297323ca36d1b42937bb933642c0b
size: '16883336'
- name: postgresql-15_15.8-0+deb12u1_amd64.buildinfo
sha256: a13392d38faf689704adad9b09d9ed6a16854ba9110dd4370fb2d4572a129481
size: '16568'
- name: postgresql-15_15.8-0+deb12u1_amd64.deb
sha256: b9e2fe8d8b9f2bcac5679d17ede537ee52f71e38587346c4ef9682f1ba54a282
size: '16801768'
- name: postgresql-client-15-dbgsym_15.8-0+deb12u1_amd64.deb
sha256: 56f2fbae32233ea9fa2eeef980132ceff30b59fcf5fcb1ee8a1758c5b3ece876
size: '2420168'
- name: postgresql-client-15_15.8-0+deb12u1_amd64.deb
sha256: 203adef21bb13871ab1122b098c2074144d676cc925023e9e5fd869fff95e6f4
size: '1701264'
- name: postgresql-doc-15_15.8-0+deb12u1_all.deb
sha256: 9540abf01606cc8993ffb4f6c875de27ca130eeda7d51814afacf11a5d0e607d
size: '2043012'
- name: postgresql-plperl-15-dbgsym_15.8-0+deb12u1_amd64.deb
sha256: 3bbead00b3c9b1cc4e76ea4f74c9d03737335a9e95f67a991b3fbac3f7dc7b4a
size: '186756'
- name: postgresql-plperl-15_15.8-0+deb12u1_amd64.deb
sha256: e2846c29a15380472bbded77dff497d793ed47c7e29bf6fd08ad207d180d88ec
size: '89584'
- name: postgresql-plpython3-15-dbgsym_15.8-0+deb12u1_amd64.deb
sha256: 07608c25f592a348178c01eef8d0cfe32e2bfd6824c732bf04df7458dc2b2252
size: '178368'
- name: postgresql-plpython3-15_15.8-0+deb12u1_amd64.deb
sha256: 4ea1ea4cfa226327ced358fe0df8035cd90a2e47d6ea3f8ccbd912b0e7944b57
size: '110992'
- name: postgresql-pltcl-15-dbgsym_15.8-0+deb12u1_amd64.deb
sha256: 6e382dd12d2f44c3360f125800d5b63763a7b44874d980f4db265b9e7d602212
size: '79580'
- name: postgresql-pltcl-15_15.8-0+deb12u1_amd64.deb
sha256: d3a0c0d622a64c7563e0a9d76411bd046a89cfeaf17d3aa5be1b7966dd07fc3c
size: '41688'
- name: postgresql-server-dev-15_15.8-0+deb12u1_amd64.deb
sha256: a54a10312720a84f40c092b7c81de782cced429fa96798ca521f682c320ddc80
size: '1143564'
Date: Wed, 07 Aug 2024 15:24:37 +0200
Description: |2-
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 15
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql-15 - The World's Most Advanced Open Source Relational Database
postgresql-client-15 - front-end programs for PostgreSQL 15
postgresql-doc-15 - documentation for the PostgreSQL database management system
postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Distribution: bookworm
Files:
- md5sum: 0e96f32c7295174e96e21a137c548c10
name: libecpg-compat3-dbgsym_15.8-0+deb12u1_amd64.deb
priority: optional
section: debug
size: '38108'
- md5sum: b6d3ade20bf13d7be1307c3b476138b1
name: libecpg-compat3_15.8-0+deb12u1_amd64.deb
priority: optional
section: libs
size: '22576'
- md5sum: 66f32f0f296517b122f3701e913254ba
name: libecpg-dev-dbgsym_15.8-0+deb12u1_amd64.deb
priority: optional
section: debug
size: '280884'
- md5sum: db0b21fbb2f70ad4b7766057dd5e2b76
name: libecpg-dev_15.8-0+deb12u1_amd64.deb
priority: optional
section: libdevel
size: '295392'
- md5sum: 107297016cdaa7f9d8b9fee3eaad6344
name: libecpg6-dbgsym_15.8-0+deb12u1_amd64.deb
priority: optional
section: debug
size: '113160'
- md5sum: 56783d82b9d5aa26913c006ae83b6088
name: libecpg6_15.8-0+deb12u1_amd64.deb
priority: optional
section: libs
size: '60672'
- md5sum: 5a45bc8b9d5794bc9fd57b842ac75f7f
name: libpgtypes3-dbgsym_15.8-0+deb12u1_amd64.deb
priority: optional
section: debug
size: '88324'
- md5sum: 8d7c97d11a5cbdb387d16510d5f2a260
name: libpgtypes3_15.8-0+deb12u1_amd64.deb
priority: optional
section: libs
size: '44264'
- md5sum: 5db5c109b124aecc339499f02e225572
name: libpq-dev_15.8-0+deb12u1_amd64.deb
priority: optional
section: libdevel
size: '143764'
- md5sum: 0368cfe52337f1038d2dca186766550b
name: libpq5-dbgsym_15.8-0+deb12u1_amd64.deb
priority: optional
section: debug
size: '277124'
- md5sum: a4e948800c76478520c8b16b192c1d42
name: libpq5_15.8-0+deb12u1_amd64.deb
priority: optional
section: libs
size: '188308'
- md5sum: e759813e734b7053734b4350e79bad26
name: postgresql-15-dbgsym_15.8-0+deb12u1_amd64.deb
priority: optional
section: debug
size: '16883336'
- md5sum: 76c0014daef4e05e6b1123969599d2cd
name: postgresql-15_15.8-0+deb12u1_amd64.buildinfo
priority: optional
section: database
size: '16568'
- md5sum: 55b0e35bd04897544c573608405d7d0b
name: postgresql-15_15.8-0+deb12u1_amd64.deb
priority: optional
section: database
size: '16801768'
- md5sum: b54c974d792471e0dbb046534da1575a
name: postgresql-client-15-dbgsym_15.8-0+deb12u1_amd64.deb
priority: optional
section: debug
size: '2420168'
- md5sum: b4ee6fce221e5400687e45c8cfc82f66
name: postgresql-client-15_15.8-0+deb12u1_amd64.deb
priority: optional
section: database
size: '1701264'
- md5sum: 53ec4b05468e19f08baa2c03ab32958f
name: postgresql-doc-15_15.8-0+deb12u1_all.deb
priority: optional
section: doc
size: '2043012'
- md5sum: bdf967b04172baa371d962b12963d173
name: postgresql-plperl-15-dbgsym_15.8-0+deb12u1_amd64.deb
priority: optional
section: debug
size: '186756'
- md5sum: 034a65b5b2ba7deb5e5ca09a1e8b8c44
name: postgresql-plperl-15_15.8-0+deb12u1_amd64.deb
priority: optional
section: database
size: '89584'
- md5sum: dfe30dba853b3e3f3108dab200c1bf0c
name: postgresql-plpython3-15-dbgsym_15.8-0+deb12u1_amd64.deb
priority: optional
section: debug
size: '178368'
- md5sum: 2b64230ae2e43e687aa40007eaa5132b
name: postgresql-plpython3-15_15.8-0+deb12u1_amd64.deb
priority: optional
section: database
size: '110992'
- md5sum: a51d4ce1a864ac3e4dc4d9c80f2822d6
name: postgresql-pltcl-15-dbgsym_15.8-0+deb12u1_amd64.deb
priority: optional
section: debug
size: '79580'
- md5sum: c5a766ab9c1add747b88c59441b2e6f9
name: postgresql-pltcl-15_15.8-0+deb12u1_amd64.deb
priority: optional
section: database
size: '41688'
- md5sum: ffc2979a8af483d4e19db38a92ed7afa
name: postgresql-server-dev-15_15.8-0+deb12u1_amd64.deb
priority: optional
section: libdevel
size: '1143564'
Format: '1.8'
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Source: postgresql-15
Urgency: medium
Version: 15.8-0+deb12u1
type: dpkg