Format: 1.8
Date: Tue, 06 Feb 2024 13:27:57 +0100
Source: postgresql-16
Architecture: source
Version: 16.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Closes: 1059170
Changes:
 postgresql-16 (16.2-1) unstable; urgency=medium
 .
   * New upstream version.
 .
     * Tighten security restrictions within REFRESH MATERIALIZED VIEW
       CONCURRENTLY (Heikki Linnakangas)
 .
       One step of a concurrent refresh command was run under weak security
       restrictions. If a materialized view's owner could persuade a
       superuser or other high-privileged user to perform a concurrent
       refresh on that view, the view's owner could control code executed
       with the privileges of the user running REFRESH. Fix things so that
       all user-determined code is run as the view's owner, as expected.
 .
       The only known exploit for this error does not work in PostgreSQL
       16.0 and later, so it may be that v16 is not vulnerable in practice.
 .
       The PostgreSQL Project thanks Pedro Gallegos for reporting this
       problem. (CVE-2024-0985)
 .
   * Add Swedish debconf translation by Martin Bagge and Anders Jonsson.
     Thanks! (Closes: #1059170)
Checksums-Sha1:
 20a964e8739f4686663660da7830b5e4c356c9cd 4187 postgresql-16_16.2-1.dsc
 fc3d0e598410bbdf59f240821c9c77a6936467b6 24711703 postgresql-16_16.2.orig.tar.bz2
 d5129d385f9ffcd2408d01efe41525f87721d4c6 31264 postgresql-16_16.2-1.debian.tar.xz
Checksums-Sha256:
 2700b610a315b627632e3d6cc11103707e78048c59272fa6ef2aeeab1f0541f5 4187 postgresql-16_16.2-1.dsc
 446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 24711703 postgresql-16_16.2.orig.tar.bz2
 6eaa133ec2240213b1bab0e59c800353d2ec18af2d48c1c1f60fbbb7f1096fa0 31264 postgresql-16_16.2-1.debian.tar.xz
Files:
 d72056af8106c89485f61651dfa4a87f 4187 database optional postgresql-16_16.2-1.dsc
 3d19d93434666db5d33e692472915ae5 24711703 database optional postgresql-16_16.2.orig.tar.bz2
 426fa2f98e9f58313b95affbf40a4575 31264 database optional postgresql-16_16.2-1.debian.tar.xz