-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 18 Feb 2025 11:59:37 +0100
Source: postgresql-13
Architecture: source
Version: 13.20-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-13 (13.20-0+deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version 13.20.
 .
     + Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane)
 .
       The changes made for CVE-2025-1094 had one serious oversight:
       PQescapeLiteral() and PQescapeIdentifier() failed to honor their
       string length parameter, instead always reading to the input
       string's trailing null. This resulted in including unwanted text
       in the output, if the caller intended to truncate the string via
       the length parameter. With very bad luck it could cause a crash
       due to reading off the end of memory.
 .
       In addition, modify all these quoting functions so that when
       invalid encoding is detected, an invalid sequence is substituted
       for just the first byte of the presumed character, not all of it.
       This reduces the risk of problems if a calling application
       performs additional processing on the quoted string.
Checksums-Sha1:
 3bda054bf1207bd0ddf48ec519cd2ea7db5a193c 3703 postgresql-13_13.20-0+deb11u1.dsc
 e56b335306a0dd446987c35dba655427dfcc325c 21730844 postgresql-13_13.20.orig.tar.bz2
 b26130c4d26c62cf8b41862bdc27cca332a20bb8 36140 postgresql-13_13.20-0+deb11u1.debian.tar.xz
Checksums-Sha256:
 b52c3cffcd407eb8ce02c44f98a27a39f698fc21ba16a52984f8fd7fe12b7a81 3703 postgresql-13_13.20-0+deb11u1.dsc
 8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288 21730844 postgresql-13_13.20.orig.tar.bz2
 13b02d231c1974a46240ba85d5d86aa89585744758e5c1100ce29ddbe36ef48a 36140 postgresql-13_13.20-0+deb11u1.debian.tar.xz
Files:
 2b4f8ec97cfdd38af52bfcd156419b5d 3703 database optional postgresql-13_13.20-0+deb11u1.dsc
 0aeec919b4a5976bf92c87aaaa442876 21730844 database optional postgresql-13_13.20.orig.tar.bz2
 d03fd6627ce68ca9560c355e7a9bd4b7 36140 database optional postgresql-13_13.20-0+deb11u1.debian.tar.xz
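As an added example, not libpq's code nor anything from the Debian package: a small model of a length-bounded literal-quoting routine written to the two behaviours the changelog entry describes, honoring the length parameter instead of scanning to the trailing NUL, and replacing only the first byte of an invalid or truncated UTF-8 sequence. The function name quote_literal_bounded and the '?' replacement byte are assumptions of this model; the entry does not specify what libpq substitutes.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Length of the well-formed UTF-8 sequence starting at s, given that
 * only avail bytes may be read; 0 if it is invalid or truncated. */
static size_t utf8_seq_len(const unsigned char *s, size_t avail)
{
    size_t len;
    if (avail == 0) return 0;
    if (s[0] < 0x80) return 1;
    else if (s[0] >= 0xC2 && s[0] <= 0xDF) len = 2;
    else if (s[0] >= 0xE0 && s[0] <= 0xEF) len = 3;
    else if (s[0] >= 0xF0 && s[0] <= 0xF4) len = 4;
    else return 0;                 /* stray continuation or bad lead byte */
    if (len > avail) return 0;     /* never read past the caller's bound */
    for (size_t i = 1; i < len; i++)
        if ((s[i] & 0xC0) != 0x80) return 0;
    return len;
}

/* Model of a hardened PQescapeLiteral-style routine (assumed name, not
 * libpq's code). Quotes at most len bytes of str as a SQL string literal,
 * doubling single quotes. An invalid or truncated UTF-8 sequence has only
 * its first byte replaced by '?' (placeholder, an assumption of this
 * model); scanning resumes at the following byte. Returns a malloc'd
 * NUL-terminated string, or NULL on allocation failure. */
char *quote_literal_bounded(const char *str, size_t len)
{
    const unsigned char *s = (const unsigned char *)str;
    size_t n = 0, o = 0;
    /* Honor len exactly; an embedded NUL before len also ends the input. */
    while (n < len && s[n] != '\0') n++;
    char *out = malloc(2 * n + 3); /* worst case: all quotes doubled + 2 quotes + NUL */
    if (out == NULL) return NULL;
    out[o++] = '\'';
    for (size_t i = 0; i < n; ) {
        size_t l = utf8_seq_len(s + i, n - i);
        if (l == 0) { out[o++] = '?'; i++; continue; }
        if (l == 1 && s[i] == '\'') out[o++] = '\'';
        memcpy(out + o, s + i, l);
        o += l;
        i += l;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return out;
}
```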