-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 10 Aug 2022 14:45:40 +0200
Source: postgresql-14
Architecture: source
Version: 14.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-14 (14.5-1) unstable; urgency=medium
 .
   * New upstream version.
 .
     + Do not let extension scripts replace objects not already belonging
       to the extension (Tom Lane) (CVE-2022-2625)
 .
       This change prevents extension scripts from doing CREATE OR REPLACE
       if there is an existing object that does not belong to the extension.
       It also prevents CREATE IF NOT EXISTS in the same situation. This
       prevents a form of trojan-horse attack in which a hostile database
       user could become the owner of an extension object and then modify
       it to compromise future uses of the object by other users. As a side
       benefit, it also reduces the risk of accidentally replacing objects
       one did not mean to.
 .
       The PostgreSQL Project thanks Sven Klemm for reporting this problem.
 .
   * Update lintian overrides.
Checksums-Sha1:
 134696247426c28ce25cd31f7f6ea3c0e95a802e 3721 postgresql-14_14.5-1.dsc
 3f2bb7d0b6d56f985fa5dfd2dd2675e7b6b2fef9 22132996 postgresql-14_14.5.orig.tar.bz2
 dbb317d093d7fcbc1f9da9cd005910d0655d2a80 24780 postgresql-14_14.5-1.debian.tar.xz
Checksums-Sha256:
 3fd56af51169514586b8bf3e97413b7651b5c66060e4bfca3f8a198bede27d2f 3721 postgresql-14_14.5-1.dsc
 d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30 22132996 postgresql-14_14.5.orig.tar.bz2
 6d14a121d5e0cc0b3a5d7f4b5a081445dddc1685c31dac1a06220c6c3919f0b7 24780 postgresql-14_14.5-1.debian.tar.xz
Files:
 e29a858910b42ec766c676a8a6504513 3721 database optional postgresql-14_14.5-1.dsc
 1b319af2ece7fbf836d2d9533e91aa9b 22132996 database optional postgresql-14_14.5.orig.tar.bz2
 50c32affea9cf837bfaa3ccb83b4e898 24780 database optional postgresql-14_14.5-1.debian.tar.xz
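
An audit query for the condition the CVE-2022-2625 entry above describes, added here as an example and not part of the Debian changelog or the PostgreSQL release: it lists extension member functions and relations whose owner differs from the owner of the extension itself. Covering only `pg_proc` and `pg_class` is an assumption of this example, and a mismatch can also result from a deliberate `ALTER ... OWNER TO`, so each row is something to review rather than proof of tampering.

```sql
-- Added example: extension member objects not owned by the extension's owner.
-- Run per database as a role that can read the system catalogs.
WITH members AS (
    -- Functions, procedures and aggregates recorded as extension members
    SELECT d.refobjid                 AS extoid,
           'function'::text           AS kind,
           p.oid::regprocedure::text  AS member_name,
           p.proowner                 AS member_owner
    FROM pg_depend d
    JOIN pg_proc p ON p.oid = d.objid
    WHERE d.classid    = 'pg_proc'::regclass
      AND d.refclassid = 'pg_extension'::regclass
      AND d.deptype    = 'e'          -- 'e' marks extension membership
    UNION ALL
    -- Tables, views, sequences and other relations recorded as members
    SELECT d.refobjid,
           'relation',
           c.oid::regclass::text,
           c.relowner
    FROM pg_depend d
    JOIN pg_class c ON c.oid = d.objid
    WHERE d.classid    = 'pg_class'::regclass
      AND d.refclassid = 'pg_extension'::regclass
      AND d.deptype    = 'e'
      AND d.objsubid   = 0            -- whole relation, not a single column
)
SELECT e.extname,
       e.extversion,
       pg_get_userbyid(e.extowner)     AS extension_owner,
       m.kind,
       m.member_name,
       pg_get_userbyid(m.member_owner) AS member_owner
FROM members m
JOIN pg_extension e ON e.oid = m.extoid
WHERE m.member_owner <> e.extowner    -- ownership mismatch is the signal
ORDER BY e.extname, m.kind, m.member_name;
```

An empty result means every member function and relation is owned by its extension's owner; the check is worth repeating after upgrading to 14.5, since the fix blocks new replacements but does not change ownership of objects that already exist.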