Format: 1.8
Date: Wed, 13 Aug 2025 20:13:29 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: armhf
Version: 15.14-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-01)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.14.
 .
     + Tighten security checks in planner estimation functions (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns that
       the calling user does not have permission to read. Two gaps in that
       protection have been found. One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should
       restrict access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via a
       view, and the view owner has permissions to read the underlying table
       but the calling user does not have permissions on the view. The view
       owner's permissions satisfied the security checks, and the leaky
       function would get applied to the underlying table's statistics before
       we check the calling user's permissions on the view. This has been
       fixed by making security checks on views occur at the start of
       planning. That might cause permissions failures to occur earlier than
       before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
       (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running the
       restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands as
       superuser, the target database installation must trust the source
       server. However, it does not follow that the operating system user who
       executes psql to perform the restore should have to trust the source
       server. The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to cause
       it to emit text that would be interpreted as psql meta-commands. That
       would provide shell-level access to the restoring user's own account,
       independently of access to the target database.
 .
       To provide a positive guarantee that this can't happen, extend psql
       with a \restrict command that prevents execution of further
       meta-commands, and teach pg_dump to issue that before any data coming
       from the source server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem.
       (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject
       arbitrary SQL commands into the output script. (Without the preceding
       fix, injection of psql meta-commands would also be possible this way.)
       CVE-2012-0868 fixed this class of problem at the time, but later work
       reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
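The two pg_dump entries above (CVE-2025-8714 and CVE-2025-8715) can be turned into a pre-restore check. The following is an added example, not code from PostgreSQL or Debian: `comment_header` shows the newline-to-space rule for names in comments, and `audit_dump` reports backslash lines that a plain-text dump script would present to psql outside restricted mode. The function names, the sample scripts and the key are constructed; the `-- Name: ...; Type: ...` comment layout and psql's `\unrestrict` counterpart command are not stated on this page.

```python
import re

COPY_START = re.compile(r"^COPY .* FROM stdin;\s*$")

def comment_header(name, objtype):
    # Hardened form: CR/LF in the name become spaces, so the name
    # cannot end the "--" comment and start a new script line.
    safe = re.sub(r"[\r\n]", " ", name)
    return f"-- Name: {safe}; Type: {objtype}"

def audit_dump(script):
    """Return (line_no, command) for each backslash line that psql would
    meet outside restricted mode. Heuristic: only looks at line starts,
    so a backslash line inside a multi-line string literal is also
    reported and needs manual review."""
    findings, restricted, in_copy = [], False, False
    for no, line in enumerate(script.split("\n"), start=1):
        if in_copy:                      # COPY data: "\N" etc. are escapes
            in_copy = line != "\\."      # "\." ends the data block
            continue
        if COPY_START.match(line):
            in_copy = True
            continue
        stripped = line.lstrip()
        if not stripped.startswith("\\"):
            continue
        word = stripped.split()[0]
        if word == "\\restrict":
            restricted = True
        elif word == "\\unrestrict":
            restricted = False
        elif not restricted:
            findings.append((no, word))
    return findings

# Constructed samples (not real dump output); the key is a placeholder.
BODY = ["COPY public.t (a, b) FROM stdin;", "\\N\t1", "\\.",
        "\\echo constructed"]
SAMPLE_OLD = "\n".join(["-- PostgreSQL database dump"] + BODY)
SAMPLE_NEW = "\n".join(["\\restrict PLACEHOLDERKEY"] + BODY +
                       ["\\unrestrict PLACEHOLDERKEY"])

if __name__ == "__main__":
    print(comment_header("orders\n2025", "TABLE"))
    print(audit_dump(SAMPLE_OLD), audit_dump(SAMPLE_NEW))
```

A non-empty result means the script should be reviewed by hand, or regenerated with a fixed pg_dump, before it is fed to psql.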