-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Aug 2025 20:13:29 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym
 libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5
 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15
 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym
 postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15
 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: s390x
Version: 15.14-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: s390x Build Daemon (zani)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.14.
 .
     + Tighten security checks in planner estimation functions
       (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns
       that the calling user does not have permission to read. Two gaps in
       that protection have been found. One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should
       restrict access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via
       a view, and the view owner has permissions to read the underlying
       table but the calling user does not have permissions on the view.
       The view owner's permissions satisfied the security checks, and the
       leaky function would get applied to the underlying table's
       statistics before we check the calling user's permissions on the
       view. This has been fixed by making security checks on views occur
       at the start of planning. That might cause permissions failures to
       occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this
       problem. (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running
       the restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands
       as superuser, the target database installation must trust the source
       server. However, it does not follow that the operating system user
       who executes psql to perform the restore should have to trust the
       source server. The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to
       cause it to emit text that would be interpreted as psql
       meta-commands. That would provide shell-level access to the
       restoring user's own account, independently of access to the target
       database.
 .
       To provide a positive guarantee that this can't happen, extend psql
       with a \restrict command that prevents execution of further
       meta-commands, and teach pg_dump to issue that before any data
       coming from the source server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject
       arbitrary SQL commands into the output script. (Without the
       preceding fix, injection of psql meta-commands would also be
       possible this way.) CVE-2012-0868 fixed this class of problem at the
       time, but later work reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
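
The CVE-2025-8715 entry above describes object names with newlines breaking out of comments in pg_dump output, fixed by converting newlines to spaces. The sketch below is an added example, not PostgreSQL or Debian code: the function names, the simplified "-- Name: ...; Type: ..." header layout and the sample names are assumptions made for illustration.

```python
import re

# Constructed sample: an object name carrying an embedded newline.
SAMPLE_NAME = "orders\nSELECT 1;"

_LINE_BREAK = re.compile(r"\r\n|\r|\n")


def comment_header_unsafe(name: str, obj_type: str) -> str:
    """'Before' behaviour: the name is copied into the comment verbatim."""
    return f"-- Name: {name}; Type: {obj_type}\n"


def sanitize_for_comment(text: str) -> str:
    """Turn CR and LF into spaces so the text cannot end the '--' comment."""
    return text.replace("\r", " ").replace("\n", " ")


def comment_header_safe(name: str, obj_type: str) -> str:
    """Hardened form: every interpolated field is flattened to one line."""
    return (f"-- Name: {sanitize_for_comment(name)}; "
            f"Type: {sanitize_for_comment(obj_type)}\n")


def escaped_lines(script: str) -> list:
    """Lines of the script that are not comments, i.e. would be read as input."""
    return [ln for ln in _LINE_BREAK.split(script)
            if ln.strip() and not ln.lstrip().startswith("--")]


def names_with_line_breaks(names) -> list:
    """Pre-dump audit: object names that contain CR or LF."""
    return [n for n in names if "\r" in n or "\n" in n]


if __name__ == "__main__":
    print(escaped_lines(comment_header_unsafe(SAMPLE_NAME, "TABLE")))
    print(escaped_lines(comment_header_safe(SAMPLE_NAME, "TABLE")))
    print(names_with_line_breaks(["orders", SAMPLE_NAME]))
```
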