Format: 1.8
Date: Wed, 13 Aug 2025 20:13:29 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym
 libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5
 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15
 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym
 postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15
 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: armel
Version: 15.14-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-02)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.14.
 .
     + Tighten security checks in planner estimation functions (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns
       that the calling user does not have permission to read. Two gaps in
       that protection have been found. One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should
       restrict access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via
       a view, and the view owner has permissions to read the underlying
       table but the calling user does not have permissions on the view.
       The view owner's permissions satisfied the security checks, and the
       leaky function would get applied to the underlying table's
       statistics before we check the calling user's permissions on the
       view. This has been fixed by making security checks on views occur
       at the start of planning. That might cause permissions failures to
       occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this
       problem. (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running
       the restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands
       as superuser, the target database installation must trust the source
       server. However, it does not follow that the operating system user
       who executes psql to perform the restore should have to trust the
       source server. The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to
       cause it to emit text that would be interpreted as psql
       meta-commands. That would provide shell-level access to the
       restoring user's own account, independently of access to the target
       database.
 .
       To provide a positive guarantee that this can't happen, extend psql
       with a \restrict command that prevents execution of further
       meta-commands, and teach pg_dump to issue that before any data
       coming from the source server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject
       arbitrary SQL commands into the output script. (Without the
       preceding fix, injection of psql meta-commands would also be
       possible this way.) CVE-2012-0868 fixed this class of problem at the
       time, but later work reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
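
The CVE-2025-8715 entry above, shown as an added example that is not part of this upload record and is not pg_dump source code: a comment header built by plain interpolation next to one that converts newlines in the name to spaces, with a check for text that ends up outside the comment. The function names, the "-- Name: ...; Type: ..." layout and the object name are assumptions constructed for the illustration.

```python
import re

# Added illustration; names and header layout are assumptions,
# not taken from pg_dump.


def header_unsanitized(name: str, objtype: str) -> str:
    """Comment header built by plain interpolation (the flawed pattern)."""
    return f"-- Name: {name}; Type: {objtype}"


def header_sanitized(name: str, objtype: str) -> str:
    """Same header, with CR and LF in the name converted to spaces first."""
    flat = name.replace("\r", " ").replace("\n", " ")
    return f"-- Name: {flat}; Type: {objtype}"


def lines_outside_comment(header: str) -> list:
    """Return the non-empty lines of a would-be comment that do not start
    with '--', i.e. text a script reader would no longer see as comment."""
    escaped = []
    for line in re.split(r"\r\n|[\r\n]", header):
        stripped = line.strip()
        if stripped and not stripped.startswith("--"):
            escaped.append(stripped)
    return escaped


# Constructed object name with an embedded newline (harmless statement).
CONSTRUCTED_NAME = "orders\nSELECT 1 AS escaped; --"

if __name__ == "__main__":
    for build in (header_unsanitized, header_sanitized):
        out = build(CONSTRUCTED_NAME, "TABLE")
        print(build.__name__, "->", lines_outside_comment(out))
```

The same check can serve as a regression test for any tool that writes untrusted identifiers into single-line comments of a generated script.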