-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 07 Aug 2024 15:13:51 +0200
Source: postgresql-16
Built-For-Profiles: nocheck
Architecture: source
Version: 16.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-16 (16.4-1) unstable; urgency=medium
 .
   * New upstream version.
 .
     + Prevent unauthorized code execution during pg_dump (Masahiko Sawada)
 .
       An attacker able to create and drop non-temporary objects could inject
       SQL code that would be executed by a concurrent pg_dump session with
       the privileges of the role running pg_dump (which is often a
       superuser). The attack involves replacing a sequence or similar object
       with a view or foreign table that will execute malicious code. To
       prevent this, introduce a new server parameter
       restrict_nonsystem_relation_kind that can disable expansion of
       non-builtin views as well as access to foreign tables, and teach
       pg_dump to set it when available. Note that the attack is prevented
       only if both pg_dump and the server it is dumping from are new enough
       to have this fix.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2024-7348)
 .
   * Disable JIT on hurd-amd64.
   * Restrict systemtap-sdt-dev B-D to linux-any.
Checksums-Sha1:
 5bc8386f1840d7a94c1b84fec799df373b44603b 4273 postgresql-16_16.4-1.dsc
 fe7169014b49d9c191fd181893b233b3accf5c07 24765786 postgresql-16_16.4.orig.tar.bz2
 01519f023c5cecbe70b6fbc30b19624f8eb797e6 32180 postgresql-16_16.4-1.debian.tar.xz
Checksums-Sha256:
 e48e44754f7b060aec5fc8d6b8617c0bd9da69eaa16c15f76d71e22363970f2b 4273 postgresql-16_16.4-1.dsc
 971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f 24765786 postgresql-16_16.4.orig.tar.bz2
 a7cfc0157f322cd9ebcb915628173c2fa453aa5185c2a56a1eb1c007f732471e 32180 postgresql-16_16.4-1.debian.tar.xz
Files:
 2af3bc20f3d0aec165036de595400451 4273 database optional postgresql-16_16.4-1.dsc
 bdcc1e350b473c13d132d190c0c18499 24765786 database optional postgresql-16_16.4.orig.tar.bz2
 ceb2b368546520f29f9f12c277eda5b4 32180 database optional postgresql-16_16.4-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----