-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 10 May 2023 20:35:39 +0200
Source: postgresql-13
Architecture: source
Version: 13.11-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-13 (13.11-0+deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version.
 .
     + Prevent CREATE SCHEMA from defeating changes in search_path (Report
       and fix by Alexander Lakhin, CVE-2023-2454)
 .
       Within a CREATE SCHEMA command, objects in the prevailing
       search_path, as well as those in the newly-created schema, would be
       visible even within a called function or script that attempted to
       set a secure search_path. This could allow any user having
       permission to create a schema to hijack the privileges of a
       security definer function or extension script.
 .
     + Enforce row-level security policies correctly after inlining a
       set-returning function (Report by Wolfgang Walther, CVE-2023-2455)
 .
       If a set-returning SQL-language function refers to a table having
       row-level security policies, and it can be inlined into a calling
       query, those RLS policies would not get enforced properly in some
       cases involving re-using a cached plan under a different role. This
       could allow a user to see or modify rows that should have been
       invisible.
Checksums-Sha1:
 9575212f6f3bebc97ef6ed7d958197de8d495e88 3703 postgresql-13_13.11-0+deb11u1.dsc
 501acb24ba8539c08ba12b08adecd7559bf87e1b 21519655 postgresql-13_13.11.orig.tar.bz2
 93dc0d58d69d1ebecd6e062ac3502d787eb3c060 30160 postgresql-13_13.11-0+deb11u1.debian.tar.xz
Checksums-Sha256:
 eaa5b109ae2d02a847dc7e6dc5263539ccb79dee6a130fd1228e59aa375831c7 3703 postgresql-13_13.11-0+deb11u1.dsc
 4992ff647203566b670d4e54dc5317499a26856c93576d0ea951bdf6bee50bfb 21519655 postgresql-13_13.11.orig.tar.bz2
 f4dc062b966ab53fece8116eb4919629a8d4bbe2045786b0015f893fa7852ea1 30160 postgresql-13_13.11-0+deb11u1.debian.tar.xz
Files:
 da018b47f1ba68026ada09807b67379b 3703 database optional postgresql-13_13.11-0+deb11u1.dsc
 b4fcb4a73180840f23cb3a09cd01d9dc 21519655 database optional postgresql-13_13.11.orig.tar.bz2
 37a1dd004a8dc5762435c86ba2e77e3e 30160 database optional postgresql-13_13.11-0+deb11u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmRb5t8ACgkQTFprqxLS
p65CURAAlAkCrbbE28ia+NBGo94PiC1XkTriafEEpETz8uPOU+q2sReoP8x1ICdU
2TJRyXBUzCIfB6qfx+YhDXzs7ZjKFAkkSqX+GKOHG51aRyTmz4/2ZSsMh7lADRgh
QsjdfFan+Pi/aqx9TFhHOTzSY3oZScEe0FBa2MnoOpJjY8sM7AQZZQsRZvsxTTyj
1PZIuDvslTlANlTgrsA23nVAeJCcrAhJe1sKr9BtJgLL4+gGdNM5sweQ1ionqZyC
X0DszyYTXve/l7BIRQqGtOcmshXjIISWaxzjf8FEzjv74MW6kUJ+kodlMJJo8DE5
WgFZq24u+OOIO3FerX5Ur5lLXhSPHR+uyOVIlZH3zUpzAgLvTkAFZ4EL7iS5vEio
JjNT2FWyedhy1osotKh2hvqcXjetWv7V7fCe7kkakEm1X1yBq+XcPohKynFbqf05
9i8he4hSxX1flbCNafcfz7JLMIdKhGrqNVqFslYCgCUrp29HzC6oSHh/VK2NGXWU
w2fSA41FpTLci7EijUGUibia6FjGSuavxf4vSDhh1q9Azq0c/CBCFryDVje1lyvG
L/wwa+Y6nbWA1Kh3YP7ma7Ixho02DEL2/XfJIXjQs/hubY8AlYpAjhQFmhBKgxEg
sUzZOgyiTDNvIahkqDCsxEyfxWKE3YCkxEzFo+VKJPI6AeARUdY=
=xv7O
-----END PGP SIGNATURE-----