Format: 1.8
Date: Wed, 11 May 2022 15:15:30 +0200
Source: postgresql-11
Architecture: source
Version: 11.16-0+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-11 (11.16-0+deb10u1) buster-security; urgency=medium
 .
   * New upstream release.
 .
     * Confine additional operations within security restricted operation
       sandboxes (Sergey Shinderuk, Noah Misch)
 .
       Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW,
       and pg_amcheck activated the security restricted operation protection
       mechanism too late, or even not at all in some code paths. A user
       having permission to create non-temporary objects within a database
       could define an object that would execute arbitrary SQL code with
       superuser permissions the next time that autovacuum processed the
       object, or that some superuser ran one of the affected commands
       against it.
 .
       The PostgreSQL Project thanks Alexander Lakhin for reporting this
       problem.
       (CVE-2022-1552)
Checksums-Sha1:
 60de28e354b62679eb537b6ca10d94d169ba9c1f 3745 postgresql-11_11.16-0+deb10u1.dsc
 1363628af4edb0a36e68f7a9941294dbcd083715 20347100 postgresql-11_11.16.orig.tar.bz2
 f3aa86b3b63c3282f91d21069bdfe438d742edb1 28300 postgresql-11_11.16-0+deb10u1.debian.tar.xz
Checksums-Sha256:
 a5260ef4b2622d0c2c1ea8bcadade0c03824f5455fe2475db713edb80f522e5a 3745 postgresql-11_11.16-0+deb10u1.dsc
 2dd9e111f0a5949ee7cacc065cea0fb21092929bae310ce05bf01b4ffc5103a5 20347100 postgresql-11_11.16.orig.tar.bz2
 7fcd14f517983bea39a6f97dcd99333e359be6c6f2985e12aa7ccf637c6c504b 28300 postgresql-11_11.16-0+deb10u1.debian.tar.xz
Files:
 012f78e4426afb38af209953c235ba1d 3745 database optional postgresql-11_11.16-0+deb10u1.dsc
 68ba8abe647f52503ae562755593e3df 20347100 database optional postgresql-11_11.16.orig.tar.bz2
 472cceec9235f715b2859d663d0213ac 28300 database optional postgresql-11_11.16-0+deb10u1.debian.tar.xz