-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 12 Nov 2024 14:27:34 +0100
Source: postgresql-17
Architecture: source
Version: 17.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-17 (17.1-1) unstable; urgency=medium
 .
   * New upstream version 17.1.
 .
     + Ensure cached plans are marked as dependent on the calling role when
       RLS applies to a non-top-level table reference (Nathan Bossart)
 .
       If a CTE, subquery, sublink, security invoker view, or coercion
       projection in a query references a table with row-level security
       policies, we neglected to mark the resulting plan as potentially
       dependent on which role is executing it. This could lead to later
       query executions in the same session using the wrong plan, and then
       returning or hiding rows that should have been hidden or returned
       instead.
 .
       The PostgreSQL Project thanks Wolfgang Walther for reporting this
       problem. (CVE-2024-10976)
 .
     + Make libpq discard error messages received during SSL or GSS
       protocol negotiation (Jacob Champion)
 .
       An error message received before encryption negotiation is
       completed might have been injected by a man-in-the-middle, rather
       than being real server output. Reporting it opens the door to
       various security hazards; for example, the message might spoof a
       query result that a careless user could mistake for correct output.
       The best answer seems to be to discard such data and rely only on
       libpq's own report of the connection failure.
 .
       The PostgreSQL Project thanks Jacob Champion for reporting this
       problem. (CVE-2024-10977)
 .
     + Fix unintended interactions between SET SESSION AUTHORIZATION and
       SET ROLE (Tom Lane)
 .
       The SQL standard mandates that SET SESSION AUTHORIZATION have a
       side-effect of doing SET ROLE NONE. Our implementation of that was
       flawed, creating more interaction between the two settings than
       intended. Notably, rolling back a transaction that had done SET
       SESSION AUTHORIZATION would revert ROLE to NONE even if that had not
       been the previous state, so that the effective user ID might now be
       different from what it had been before the transaction. Transiently
       setting session_authorization in a function SET clause had a similar
       effect. A related bug was that if a parallel worker inspected
       current_setting('role'), it saw none even when it should see
       something else.
 .
       The PostgreSQL Project thanks Tom Lane for reporting this problem.
       (CVE-2024-10978)
 .
     + Prevent trusted PL/Perl code from changing environment variables
       (Andrew Dunstan, Noah Misch)
 .
       The ability to manipulate process environment variables such as PATH
       gives an attacker opportunities to execute arbitrary code.
       Therefore, trusted PLs must not offer the ability to do that. To fix
       plperl, replace %ENV with a tied hash that rejects any modification
       attempt with a warning. Untrusted plperlu retains the ability to
       change the environment.
 .
       The PostgreSQL Project thanks Coby Abrams for reporting this
       problem. (CVE-2024-10979)
 .
   * Fix psql -l against 9.2 and 9.3.
Checksums-Sha1:
 5e0af2e45590ed82144e2f52fb3a39c21863ae60 4242 postgresql-17_17.1-1.dsc
 ebd99d9d48090d7cd43b1b793b2af99e4b3bbcb7 21410991 postgresql-17_17.1.orig.tar.bz2
 a60981a2ad59e21790c6de8bcab4adc0440ae740 25632 postgresql-17_17.1-1.debian.tar.xz
Checksums-Sha256:
 0f509b9b749c11e2108d279c036afa7a3c65c6b2067bc36ae50f181ecccf82ee 4242 postgresql-17_17.1-1.dsc
 7849db74ef6a8555d0723f87e81539301422fa9c8e9f21cce61fdc14e9199dcd 21410991 postgresql-17_17.1.orig.tar.bz2
 7696f3e97e52eec0c1b44317b9b756a89d3e46dc070ca822b825030d99ffa811 25632 postgresql-17_17.1-1.debian.tar.xz
Files:
 9a7f4d6e8dbaa7f40f2ee49423d3b626 4242 database optional postgresql-17_17.1-1.dsc
 76709047835d82ce1ebf6f1fb8928b02 21410991 database optional postgresql-17_17.1.orig.tar.bz2
 96a42a2194fd7087d797ada372bea983 25632 database optional postgresql-17_17.1-1.debian.tar.xz
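The CVE-2024-10976 entry above describes a cached plan that was not marked as role-dependent when an RLS table was referenced from a subquery; the following SQL is an added verification script (not part of this Debian upload or of PostgreSQL's own sources) that reproduces that shape so an administrator can confirm the 17.1 behaviour on a scratch database as a superuser. All role, table and statement names are constructed for the demo.

```sql
-- Added check for the CVE-2024-10976 fix; run on a throwaway database as a
-- superuser. Names (rls_alice, rls_bob, rls_demo, rls_probe) are constructed.
SET plan_cache_mode = force_generic_plan;  -- guarantee the plan is cached and reused

CREATE ROLE rls_alice;
CREATE ROLE rls_bob;

CREATE TABLE rls_demo (id int, payload text);
INSERT INTO rls_demo VALUES (1, 'visible only to rls_alice');
ALTER TABLE rls_demo ENABLE ROW LEVEL SECURITY;
-- Only rls_alice gets a permissive policy; rls_bob has none, so RLS
-- default-denies every row for it.
CREATE POLICY alice_sees_all ON rls_demo FOR SELECT TO rls_alice USING (true);
GRANT SELECT ON rls_demo TO rls_alice, rls_bob;

-- Build and cache the plan while running as rls_alice. The table is
-- referenced from a subquery, i.e. a non-top-level reference, which is
-- the case the changelog entry says was affected.
SET ROLE rls_alice;
PREPARE rls_probe AS SELECT count(*) FROM (SELECT id FROM rls_demo) AS s;
EXECUTE rls_probe;   -- 1: the row is visible to rls_alice

-- Re-run the same cached statement as rls_bob in the same session.
-- Fixed server (17.1): the plan is rebuilt for the new role and returns 0.
-- A server with the bug can reuse rls_alice's plan and still return 1,
-- i.e. a row that should have been hidden.
SET ROLE rls_bob;
EXECUTE rls_probe;

-- Cleanup.
RESET ROLE;
DEALLOCATE rls_probe;
DROP TABLE rls_demo;
DROP ROLE rls_alice, rls_bob;
```

A count of 0 for the second EXECUTE is the expected result on a patched server; any non-zero count means cached plans are still being reused across roles and the fix is not in effect.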