Format: 1.8
Date: Wed, 13 Aug 2025 20:13:29 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym
 libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5
 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15
 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym
 postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15
 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: amd64
Version: 15.14-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.14.
 .
     + Tighten security checks in planner estimation functions (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns
       that the calling user does not have permission to read. Two gaps in
       that protection have been found. One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should
       restrict access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via
       a view, and the view owner has permissions to read the underlying
       table but the calling user does not have permissions on the view.
       The view owner's permissions satisfied the security checks, and the
       leaky function would get applied to the underlying table's
       statistics before we check the calling user's permissions on the
       view. This has been fixed by making security checks on views occur
       at the start of planning. That might cause permissions failures to
       occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this
       problem. (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running
       the restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands
       as superuser, the target database installation must trust the source
       server. However, it does not follow that the operating system user
       who executes psql to perform the restore should have to trust the
       source server. The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to
       cause it to emit text that would be interpreted as psql
       meta-commands. That would provide shell-level access to the
       restoring user's own account, independently of access to the target
       database.
 .
       To provide a positive guarantee that this can't happen, extend psql
       with a \restrict command that prevents execution of further
       meta-commands, and teach pg_dump to issue that before any data
       coming from the source server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject
       arbitrary SQL commands into the output script. (Without the
       preceding fix, injection of psql meta-commands would also be
       possible this way.) CVE-2012-0868 fixed this class of problem at the
       time, but later work reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
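
The newline handling described under CVE-2025-8715, as an added example (not pg_dump's own code): a "--" comment ends at the first line break, so a name copied verbatim into a comment header can push the rest of the name onto a line the client reads as a command. The function names, the simplified header layout and the sample object names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not pg_dump's function): copy an object name for use
 * inside a "--" comment, turning CR and LF into spaces so the name cannot
 * end the comment line early. Output is truncated to fit outlen. */
static void sanitize_for_comment(const char *name, char *out, size_t outlen)
{
    size_t i = 0;
    if (outlen == 0)
        return;
    for (; name[i] != '\0' && i + 1 < outlen; i++)
        out[i] = (name[i] == '\n' || name[i] == '\r') ? ' ' : name[i];
    out[i] = '\0';
}

/* Build a simplified one-line comment header for a dumped object. */
static int emit_header(char *buf, size_t buflen, const char *name, int sanitize)
{
    char clean[256];
    if (sanitize) {
        sanitize_for_comment(name, clean, sizeof clean);
        name = clean;
    }
    return snprintf(buf, buflen, "-- Name: %s; Type: TABLE\n", name);
}

/* Audit: count non-empty lines that do not start with "--". Any such line
 * in a comment header would be executed rather than ignored. */
static int lines_outside_comment(const char *text)
{
    int bad = 0;
    const char *p = text;
    while (*p != '\0') {
        size_t len = strcspn(p, "\r\n");
        if (len > 0 && strncmp(p, "--", 2) != 0)
            bad++;
        p += len;
        if (*p != '\0')
            p++;                      /* step over the line break */
    }
    return bad;
}

/* Emit the header for one name and report how many lines escaped it. */
static int audit_name(const char *name, int sanitize)
{
    char buf[512];
    (void) emit_header(buf, sizeof buf, name, sanitize);
    return lines_outside_comment(buf);
}

int main(void)
{
    const char *name = "t1\nSELECT 1; --";   /* constructed sample name */
    printf("verbatim:  %d line(s) outside the comment\n", audit_name(name, 0));
    printf("sanitized: %d line(s) outside the comment\n", audit_name(name, 1));
    return 0;
}
```

The same audit function can be pointed at the comment headers of an existing dump script to confirm every header line is still a comment.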