-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 08 Aug 2019 15:55:21 +0200 Source: postgresql-9.6 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.6 postgresql-9.6-dbg postgresql-client-9.6 postgresql-server-dev-9.6 postgresql-doc-9.6 postgresql-contrib-9.6 postgresql-plperl-9.6 postgresql-plpython-9.6 postgresql-plpython3-9.6 postgresql-pltcl-9.6 Architecture: source Version: 9.6.15-0+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org> Changed-By: Christoph Berg <myon@debian.org> Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 9.6 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-9.6 - object-relational SQL database, version 9.6 server postgresql-9.6-dbg - debug symbols for postgresql-9.6 postgresql-client-9.6 - front-end programs for PostgreSQL 9.6 postgresql-contrib-9.6 - additional facilities for PostgreSQL postgresql-doc-9.6 - documentation for the PostgreSQL database management system postgresql-plperl-9.6 - PL/Perl procedural language for PostgreSQL 9.6 postgresql-plpython-9.6 - PL/Python procedural language for PostgreSQL 9.6 postgresql-plpython3-9.6 - PL/Python 3 procedural language for PostgreSQL 9.6 postgresql-pltcl-9.6 - PL/Tcl procedural language for PostgreSQL 9.6 postgresql-server-dev-9.6 - development files for PostgreSQL 9.6 server-side programming Closes: 911940 932247 933368 Changes: postgresql-9.6 (9.6.15-0+deb9u1) stretch-security; urgency=medium . * New upstream security release. + Fixes regression in ALTER TABLE on multiple columns. (Closes: #932247) . + Require schema qualification to cast to a temporary type when using functional cast syntax (Noah Misch) . We have long required invocations of temporary functions to explicitly specify the temporary schema, that is pg_temp.func_name(args). Require this as well for casting to temporary types using functional notation, for example pg_temp.type_name(arg). Otherwise it's possible to capture a function call using a temporary object, allowing privilege escalation in much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208) . * On purge, ask the user if they want to remove clusters. (Closes: #911940, #933368) Checksums-Sha1: 96b672b2c0aa809b9a88c185e804219b8ffdb488 3698 postgresql-9.6_9.6.15-0+deb9u1.dsc 2375ff8387ed746093f575f2cc69a2dabb5d15ce 18799121 postgresql-9.6_9.6.15.orig.tar.bz2 3a5f1cd414fdc8b2a725aa226fe1aa7edb3d850f 29760 postgresql-9.6_9.6.15-0+deb9u1.debian.tar.xz Checksums-Sha256: 01496f5c6784e3e1f3887df7fbbd2b76048752ded483e3595cb830ab4f208b41 3698 postgresql-9.6_9.6.15-0+deb9u1.dsc 3cd9fe9af247167f863030842c1a57f58bdf3e5d50a94997d34a802b6032170a 18799121 postgresql-9.6_9.6.15.orig.tar.bz2 06906589c9b2978ac9e423023d5adac937eb2185728d638be879108d2808d9ee 29760 postgresql-9.6_9.6.15-0+deb9u1.debian.tar.xz Files: dcc8d364a2d7cf708cc1335ca17ea2ef 3698 database optional postgresql-9.6_9.6.15-0+deb9u1.dsc efb0bfbd9926f9491543e5cafd30ddd7 18799121 database optional postgresql-9.6_9.6.15.orig.tar.bz2 4a2dc643c307bcc6df6e9e4b942a69fb 29760 database optional postgresql-9.6_9.6.15-0+deb9u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAl1MNZoACgkQTFprqxLS p675hg//ZKPavmjsvRwmx8I5jEJMQcGEh615MePwAW+ccxkIXEtn1qLbK1xieqju QWwHfpyJNTVPmB9/WQkCo8AkK0AoPcmpsnVI9bQvVYXQlxFkwsdJ3ct/l6k/TkdO TEwLkWXrgii+5kUPuDuytpiVfgdNElR6icJK2X8NLeoTj7IQvOEZXsZTjRklanLv FhViuMB3fyichDcmOhu1aUD5G50oc9mkNzl8SJueaMVeVKPJ5YyNn7RwWrQPId4Z X96hBv8AkF58U8rNGb8uUspPvoeeb4Z1/Nj6OdIUGaNelB0mL0jA1lNbdyXVnwcY LTo3qYI+zDCzmuKQrUnaLtJXJS2Du5PC+Ih3Bj9m10AweQJIH5EbyqEOxdXPxwsT A/SnhaX/e9N9hshyqH/pPlJPYHGNwFmkChBU0Sm/TaOw20UPRcregVPzAhJ5j0XC hEYZk6OkNeI6EkH0Q4Ec0kLQt7lRj5/Miirlso6C33tPEfX/xRS9NqCOTI2J2BRq imvs2C0l/W2zBmm50ARFqKNfzlKDqUpKDsIl+kvlr7ciOWfaL2nSmrQs7KY5iQMC v2TqwHBwpJu8siJ6StVCcIeT7O8iCva57bWfNKEcnyTJtUHSa8E+VgAmKYjzSNC4 MAna6EtHTpLEkT2NeswVcKnjL5XF1EKEgSUK+NKzvQMlX0YnQXE= =MnUx -----END PGP SIGNATURE-----