-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Aug 2025 20:13:29 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: i386
Version: 15.14-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.14.
 .
     + Tighten security checks in planner estimation functions
       (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns
       that the calling user does not have permission to read. Two gaps in
       that protection have been found. One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should
       restrict access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via
       a view, and the view owner has permissions to read the underlying
       table but the calling user does not have permissions on the view.
       The view owner's permissions satisfied the security checks, and the
       leaky function would get applied to the underlying table's
       statistics before we check the calling user's permissions on the
       view. This has been fixed by making security checks on views occur
       at the start of planning. That might cause permissions failures to
       occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this
       problem. (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running
       the restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands
       as superuser, the target database installation must trust the source
       server. However, it does not follow that the operating system user
       who executes psql to perform the restore should have to trust the
       source server. The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to
       cause it to emit text that would be interpreted as psql
       meta-commands. That would provide shell-level access to the
       restoring user's own account, independently of access to the target
       database.
 .
       To provide a positive guarantee that this can't happen, extend psql
       with a \restrict command that prevents execution of further
       meta-commands, and teach pg_dump to issue that before any data
       coming from the source server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject
       arbitrary SQL commands into the output script. (Without the
       preceding fix, injection of psql meta-commands would also be
       possible this way.) CVE-2012-0868 fixed this class of problem at the
       time, but later work reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
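
An added example, not part of this upload or of PostgreSQL's own code: a line-based triage of a plain-text dump script for the CVE-2025-8714 risk described in the changelog above, reporting backslash lines outside COPY data and whether `\restrict` comes first. The allow-list, the `audit_dump` name and the sample script are assumptions of this example; it is a heuristic that over-reports rather than parsing SQL quoting.

```python
import re

# Assumption of this example: the only meta-command lines a dump should carry,
# each followed by exactly one plain-word argument.
ALLOWED_LINE = re.compile(r"^\\(restrict|unrestrict|connect) [A-Za-z0-9_]+$")
COPY_START = re.compile(r"^COPY\s.*\bFROM\s+stdin;\s*$", re.IGNORECASE)


def audit_dump(script: str) -> dict:
    """Line-based triage of a plain-text dump before it is fed to psql."""
    findings = []            # (line number, text) pairs for human review
    in_copy = False          # inside COPY ... FROM stdin data, ended by "\."
    first_statement = None   # first line that is neither blank nor a comment
    for number, line in enumerate(script.splitlines(), start=1):
        if in_copy:
            # COPY data legitimately contains backslashes such as \N.
            in_copy = line != "\\."
            continue
        stripped = line.strip()
        if not stripped or stripped.startswith("--"):
            continue
        if first_statement is None:
            first_statement = stripped
        if COPY_START.match(stripped):
            in_copy = True
        elif "\\" in stripped and not ALLOWED_LINE.match(stripped):
            # A backslash outside COPY data may reach psql's meta-command
            # parser; report it instead of guessing at SQL quoting.
            findings.append((number, stripped))
    restricted = bool(first_statement
                      and first_statement.startswith("\\restrict ")
                      and ALLOWED_LINE.match(first_statement))
    return {"restricted_first": restricted, "findings": findings}


# Constructed sample, not real pg_dump output.
SAMPLE = "\n".join([
    "-- PostgreSQL database dump",
    r"\restrict ExampleKey123",
    "CREATE TABLE public.t (a text, b text);",
    "COPY public.t (a, b) FROM stdin;",
    "\\N\tplain",
    r"\.",
    r"\echo constructed-unexpected-line",
    r"\unrestrict ExampleKey123",
])

if __name__ == "__main__":
    print(audit_dump(SAMPLE))
```

A dump produced before this update reports `restricted_first` as false even when it has no findings, which marks it for regeneration with the fixed pg_dump.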