-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Aug 2025 20:13:29 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: arm64
Version: 15.14-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-03)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.14.
 .
     + Tighten security checks in planner estimation functions (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns
       that the calling user does not have permission to read. Two gaps in
       that protection have been found.
       One gap applies to partitioning and inheritance hierarchies where
       RLS policies on the tables should restrict access to statistics
       data, but did not.
 .
       The other gap applies to cases where the query accesses a table via
       a view, and the view owner has permissions to read the underlying
       table but the calling user does not have permissions on the view.
       The view owner's permissions satisfied the security checks, and the
       leaky function would get applied to the underlying table's
       statistics before we check the calling user's permissions on the
       view. This has been fixed by making security checks on views occur
       at the start of planning. That might cause permissions failures to
       occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this
       problem. (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running
       the restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL
       commands as superuser, the target database installation must trust
       the source server. However, it does not follow that the operating
       system user who executes psql to perform the restore should have to
       trust the source server. The risk here is that an attacker who has
       gained superuser-level control over the source server might be able
       to cause it to emit text that would be interpreted as psql
       meta-commands. That would provide shell-level access to the
       restoring user's own account, independently of access to the target
       database.
 .
       To provide a positive guarantee that this can't happen, extend psql
       with a \restrict command that prevents execution of further
       meta-commands, and teach pg_dump to issue that before any data
       coming from the source server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais,
       and RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject
       arbitrary SQL commands into the output script. (Without the
       preceding fix, injection of psql meta-commands would also be
       possible this way.) CVE-2012-0868 fixed this class of problem at
       the time, but later work reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this
       problem. (CVE-2025-8715)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
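
An added illustration of the CVE-2025-8715 entry above (not part of the upload record and not pg_dump's own code): a miniature of how a name with an embedded newline escapes a "--" comment in a dump script, and how converting newlines to spaces keeps it inside. The helper names, the comment layout and the sample name are constructed for this example.

```python
import re

# Constructed sample: an object name with an embedded newline, as a hostile
# source server could define it. The trailing statement is a harmless marker.
HOSTILE_NAME = "orders\nSELECT 'injected';"

_LINE_BREAK = re.compile(r"\r\n|\r|\n")  # what ends a "--" comment


def header_unsanitized(name: str, objtype: str = "TABLE") -> str:
    """Pre-fix pattern (hypothetical helper): name pasted into the comment as-is."""
    return f"--\n-- Name: {name}; Type: {objtype}\n--\n"


def flatten_newlines(name: str) -> str:
    """The fix described in the changelog: newlines in the name become spaces."""
    return _LINE_BREAK.sub(" ", name)


def header_sanitized(name: str, objtype: str = "TABLE") -> str:
    """Post-fix pattern (hypothetical helper): the name stays on its comment line."""
    return f"--\n-- Name: {flatten_newlines(name)}; Type: {objtype}\n--\n"


def lines_outside_comments(script: str) -> list[str]:
    """Non-blank lines not starting with '--': text psql would try to execute."""
    return [ln for ln in _LINE_BREAK.split(script)
            if ln.strip() and not ln.lstrip().startswith("--")]


def names_needing_review(names: list[str]) -> list[str]:
    """Audit helper: object names that contain a CR or LF at all."""
    return [n for n in names if _LINE_BREAK.search(n)]


if __name__ == "__main__":
    print(lines_outside_comments(header_unsanitized(HOSTILE_NAME)))
    print(lines_outside_comments(header_sanitized(HOSTILE_NAME)))
    print(names_needing_review(["orders", HOSTILE_NAME]))
```

The same check as names_needing_review can be run against a source server's catalog names before a dump is trusted, independently of whether the client packages are already at 15.14.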