Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted postgresql-11 11.20-0+deb10u1 (source) into oldstable
Date: Thu, 11 May 2023 13:50:26 +0000
Signed by: Christoph Berg <myon@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 10 May 2023 21:04:02 +0200
Source: postgresql-11
Architecture: source
Version: 11.20-0+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-11 (11.20-0+deb10u1) buster-security; urgency=medium
 .
   * New upstream version.
 .
     + Prevent CREATE SCHEMA from defeating changes in search_path
       (Report and fix by Alexander Lakhin, CVE-2023-2454)
 .
       Within a CREATE SCHEMA command, objects in the prevailing search_path,
       as well as those in the newly-created schema, would be visible even
       within a called function or script that attempted to set a secure
       search_path.  This could allow any user having permission to create a
       schema to hijack the privileges of a security definer function or
       extension script.
 .
     + Enforce row-level security policies correctly after inlining a
       set-returning function (Report by Wolfgang Walther, CVE-2023-2455)
 .
       If a set-returning SQL-language function refers to a table having
       row-level security policies, and it can be inlined into a calling query,
       those RLS policies would not get enforced properly in some cases
       involving re-using a cached plan under a different role. This could
       allow a user to see or modify rows that should have been invisible.
Checksums-Sha1:
 da69910501c1b9386e66e267f2615979f0620da8 3745 postgresql-11_11.20-0+deb10u1.dsc
 c85859feeafd6d9f4bc9dd9064aff0af3345cf1e 20456483 postgresql-11_11.20.orig.tar.bz2
 3cf48c13c7d57769dee0e12f3300f96b3375a9c2 29104 postgresql-11_11.20-0+deb10u1.debian.tar.xz
Checksums-Sha256:
 d5afb436da0171c8d48e59c084104c4addbdf0b39038e952754a6899573821df 3745 postgresql-11_11.20-0+deb10u1.dsc
 3d7c8882f64a7e98534a044257dfee7abad77a5b7da12508d85d722b98b5acce 20456483 postgresql-11_11.20.orig.tar.bz2
 b48baa5a6ccd911a907bdcd2bf092bb1eea46dada7d55e153fb2c719115f021b 29104 postgresql-11_11.20-0+deb10u1.debian.tar.xz
Files:
 88977508c14f6dfb9af10c6087d07d9c 3745 database optional postgresql-11_11.20-0+deb10u1.dsc
 05666c76d6c2e0fd6cc3b8e604f9c06d 20456483 database optional postgresql-11_11.20.orig.tar.bz2
 94ad0d65b55d5856787cfa388fa5916f 29104 database optional postgresql-11_11.20-0+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmRb8lYACgkQTFprqxLS
p65fcA/9GzlAzKezQW3bMs7G0m/s6DdO8w7mumH9r737Ophlj0ZVChIZkap/6noS
17zfhpAQwKuFWtT80znnV9sLIq3kFQxcMqB2cPt0cWuy9QJoDkuKbewNyXF1rMe/
/I56PBM6d133yJf33Q8ASupQrINp2JTyL0XBeKlvzNi5zs2BcPKO3mI+4L0IYGnm
BOQmfBwRucuLgIe/VkAGCdsT68Wiy9kEgGqAsb+lqd5H/Mds1NaMJxZj+NajCO2z
+kW0/RJvpA6cJ+lX4PX7rcskNv90XFI3NWS49UCVoB+hWn70d6kc/3Q4FX5snkXh
NG02McxZoPO9xN4tY+u3MswojDeV1dWSM/8/K5kwq/4zWvbxgvLHRZf0nNaM/YbU
f/bhIg+9H4qcu2XIpbMgYxPLhcScYoaB55A0wsq2wVld5eoXnJw7Gp6n+MBoUjse
21jZ9JmsJNTTFaUEX27dfXSvwaAh7cIdSMc9j1ds5VsI/orAbRnx2lRnOyCdzIJ7
KFYURGPLmijg9NlfzgMJYJqj9u4OEOsH8F6/zxq/Nc9r4AuoLl+0okcT0N7WTsws
W5G9weCL8Wt/rUsOcoy0dJpgYBIivmpecyUZDPGfSTeLQwAHg0uzr3Ka6238AHaf
czuTrL5sQxcb4Eh+G5EA6QW2eeDrb33PhmiDyAQL2DtqIwaIGQI=
=YzBu
-----END PGP SIGNATURE-----
News for package postgresql-11
