-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 12 May 2021 16:42:10 +0200 Source: postgresql-11 Architecture: source Version: 11.12-0+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org> Changed-By: Christoph Berg <myon@debian.org> Changes: postgresql-11 (11.12-0+deb10u1) buster-security; urgency=medium . * New upstream version. . + Prevent integer overflows in array subscripting calculations (Tom Lane) . The array code previously did not complain about cases where an array's lower bound plus length overflows an integer. This resulted in later entries in the array becoming inaccessible (since their subscripts could not be written as integers), but more importantly it confused subsequent assignment operations. This could lead to memory overwrites, with ensuing crashes or unwanted data modifications. (CVE-2021-32027) . + Fix mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (Tom Lane) . If the UPDATE list contains any multi-column sub-selects (which give rise to junk columns in addition to the results proper), the UPDATE path would end up storing tuples that include the values of the extra junk columns. That's fairly harmless in the short run, but if new columns are added to the table then the values would become accessible, possibly leading to malfunctions if they don't match the datatypes of the added columns. . In addition, in versions supporting cross-partition updates, a cross-partition update triggered by such a case had the reverse problem: the junk columns were removed from the target list, typically causing an immediate crash due to malfunction of the multi-column sub-select mechanism. (CVE-2021-32028) . + Fix possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (Amit Langote, Etsuro Fujita) . If an UPDATE for a partitioned table caused a row to be moved to another partition with a physically different row type (for example, one with a different set of dropped columns), computation of RETURNING results for that row could produce errors or wrong answers. No error is observed unless the UPDATE involves other tables being joined to the target table. (CVE-2021-32029) Checksums-Sha1: 7bd49b50d5efac6148d280bdcc54fb715733b581 3745 postgresql-11_11.12-0+deb10u1.dsc 4058af97fde72064c5fd18a508eda6a5526359df 20075485 postgresql-11_11.12.orig.tar.bz2 f0fba10a41fcac64889eef7486a89b78c1c7e53f 27380 postgresql-11_11.12-0+deb10u1.debian.tar.xz Checksums-Sha256: 7c33b4631e3724ba947ae15bd63c995c12fc401fdd05645a33c4cd46bccb2c41 3745 postgresql-11_11.12-0+deb10u1.dsc 87f9d8b16b2b8ef71586f2ec76beac844819f64734b07fa33986755c2f53cb04 20075485 postgresql-11_11.12.orig.tar.bz2 14b775753a19adae79bf383b7feb06f0cb1e844ebbea295287f33e4d881b478d 27380 postgresql-11_11.12-0+deb10u1.debian.tar.xz Files: 6d2cb5e70582ec2e92fd01be9f58849e 3745 database optional postgresql-11_11.12-0+deb10u1.dsc 3746c96a0e8f546f5503ef7b50abd2ff 20075485 database optional postgresql-11_11.12.orig.tar.bz2 6b901d80a7f58d721d28a2ce07a77b02 27380 database optional postgresql-11_11.12-0+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmCb/PAACgkQTFprqxLS p65cWw/+M13I6BOUfL1BI66Lj/4lH/IXLY/JacM/2zNFQ+c2mdyz5K7KGjGCxQqC 01vKO7Q6JH2Cw+uhJVhm9v7oIbouDxG6Cddo/5ZyRrlTZItI3z8HWJl4olBwOGxl +cQDLBwWjSH5jgRwWQPPWx5SqWA3CRKFnu57TbopdoHNfy3jQl7/lVAInSNXCYYV 7LELPWS0i+S/8+xpuruqVEjNDRh7RylhNCfwUTbRvcdvILiCijAsIQcYKe+tb7w+ Pn4F5OkRDHzb1O1x0afgP+s6qnIKtONKWpDuG9XV0KI03pxIIVz5vgq7nELKr9QR dEdY83iGkOKSDZa97cQnyyEw0VjuDIZqXddPIudsNS543lKafF+BfapMIHlISLNS hDNw9FF6kNg/s316xlBWtNpmE9MES0J8TAFndjYy4xMSD/8uLIkS+uE/MhecuRrO pni3R1PCquZn5VBNdIPv1IVJpVOl1dHytukc7L3Y67ZcUBaP0ilooZ8nGV8+ChAk 1PTt/tf+oAtobOENActRltzNrjzTWtntK4bxSmtRulKDcrLWTglhIwTKVQhcFJSB kMABblOxHuE1AHQKPYremYzaDcgyaxqTrL8bDs+LmkbISMyYbU8z1FwQ5kD3sbG1 TKe7YvVXiqVwHBvIkp2pxtBlkcwGNw8Tdx5VMXMS/b+Tg4VL2Mc= =NzpI -----END PGP SIGNATURE-----