Format: 1.8
Date: Sun, 01 Oct 2023 21:59:50 +0200
Source: postgresql-13
Architecture: source
Version: 13.12-0+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-13 (13.12-0+deb11u1) bullseye; urgency=medium
 .
   * New upstream version.
 .
     + Disallow substituting a schema or owner name into an extension script
       if the name contains a quote, backslash, or dollar sign (Noah Misch)
 .
       This restriction guards against SQL-injection hazards for trusted
       extensions.
 .
       The PostgreSQL Project thanks Micah Gate, Valerie Woolard, Tim
       Carey-Smith, and Christoph Berg for reporting this problem.
       (CVE-2023-39417)
Checksums-Sha1:
 700d83b5fcfaa50ee224218365e32a57b4e00c26 3703 postgresql-13_13.12-0+deb11u1.dsc
 42b97e5e04398d54c0ad70cf3df1b37bf6039891 21542293 postgresql-13_13.12.orig.tar.bz2
 c80c12393048b762c9b3e5df3a65e422982e4423 30220 postgresql-13_13.12-0+deb11u1.debian.tar.xz
Checksums-Sha256:
 c718caec1e74cf6092299b6891f17ee1cc99363693320e9a7b66d674a8c0793f 3703 postgresql-13_13.12-0+deb11u1.dsc
 0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b 21542293 postgresql-13_13.12.orig.tar.bz2
 6d79af2555654ff902f18bc3b4ad7b286336e9bc4e7a9c1ba7df5c3cf11428aa 30220 postgresql-13_13.12-0+deb11u1.debian.tar.xz
Files:
 b8602b91ab9e5dc38bc098b03e615c29 3703 database optional postgresql-13_13.12-0+deb11u1.dsc
 01c68c8f05a7e537977ee00e57110815 21542293 database optional postgresql-13_13.12.orig.tar.bz2
 6d6f3c9064b1ee30bd11e9747baf0e1a 30220 database optional postgresql-13_13.12-0+deb11u1.debian.tar.xz