Format: 1.8
Date: Tue, 07 May 2019 12:04:34 +0200
Source: postgresql-11
Architecture: source
Version: 11.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-11 (11.3-1) unstable; urgency=medium
 .
   * New upstream version.
     + Prevent row-level security policies from being bypassed via
       selectivity estimators (Dean Rasheed)
 .
       Some of the planner's selectivity estimators apply user-defined
       operators to values found in pg_statistic (e.g., most-common values).
       A leaky operator therefore can disclose some of the entries in a data
       column, even if the calling user lacks permission to read that column.
       In CVE-2017-7484 we added restrictions to forestall that, but we failed
       to consider the effects of row-level security. A user who has SQL
       permission to read a column, but who is forbidden to see certain rows
       due to RLS policy, might still learn something about those rows'
       contents via a leaky operator. This patch further tightens the rules,
       allowing leaky operators to be applied to statistics data only when
       there is no relevant RLS policy. (CVE-2019-10130)
 .
     + Avoid access to already-freed memory during partition routing error
       reports (Michael Paquier)
 .
       This mistake could lead to a crash, and in principle it might be
       possible to use it to disclose server memory contents.
       (CVE-2019-10129)
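The CVE-2019-10130 entry above describes the planner feeding pg_statistic values of RLS-protected columns to operators that are not marked LEAKPROOF. The following catalog queries are an added audit aid, not part of the Debian upload or of PostgreSQL itself; they assume psql access with permission to read the system catalogs, and they check the server version against the fixed release, list the RLS-protected tables whose statistics the fix now shields, and list user-defined operators whose implementing function is not declared leakproof.

```sql
-- Added audit queries for CVE-2019-10130 exposure (assumed catalog read access).

-- 1. Is this server at or beyond the fixed release? 11.3 reports 110003.
SELECT current_setting('server_version_num')::int >= 110003
       AS has_cve_2019_10130_fix;

-- 2. Tables with row-level security enabled, with their policy count.
--    These are the tables whose pg_statistic entries the fix stops the
--    planner from handing to non-leakproof operators.
SELECT n.nspname             AS schema,
       c.relname             AS "table",
       c.relforcerowsecurity AS forced_for_owner,
       count(p.oid)          AS policies
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE c.relrowsecurity
GROUP BY 1, 2, 3
ORDER BY 1, 2;

-- 3. Operators outside the system schemas whose implementing function is
--    NOT marked LEAKPROOF. On an unpatched server the planner may apply
--    these to most-common values of RLS-protected columns. Only functions
--    that cannot reveal their arguments (through error messages, notices,
--    or side effects) should ever be declared LEAKPROOF; review any
--    operator listed here before marking it so.
SELECT n.nspname                      AS schema,
       o.oprname                      AS operator,
       format_type(o.oprleft, NULL)   AS left_type,
       format_type(o.oprright, NULL)  AS right_type,
       o.oprcode::regproc             AS implementing_function
FROM pg_operator o
JOIN pg_namespace n ON n.oid = o.oprnamespace
JOIN pg_proc f ON f.oid = o.oprcode
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND NOT f.proleakproof
ORDER BY 1, 2;
```

Query 1 returning false together with non-empty results from queries 2 and 3 identifies a server where the upgrade to 11.3-1 closes a real exposure rather than a theoretical one.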