Format: 1.8
Date: Wed, 13 Aug 2025 13:03:55 +0200
Source: postgresql-17
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym
 libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5
 libpq5-dbgsym postgresql-17 postgresql-17-dbgsym postgresql-client-17
 postgresql-client-17-dbgsym postgresql-plperl-17 postgresql-plperl-17-dbgsym
 postgresql-plpython3-17 postgresql-plpython3-17-dbgsym postgresql-pltcl-17
 postgresql-pltcl-17-dbgsym postgresql-server-dev-17
 postgresql-server-dev-17-dbgsym
Architecture: amd64
Version: 17.6-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 17
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-17 - The World's Most Advanced Open Source Relational Database
 postgresql-client-17 - front-end programs for PostgreSQL 17
 postgresql-plperl-17 - PL/Perl procedural language for PostgreSQL 17
 postgresql-plpython3-17 - PL/Python 3 procedural language for PostgreSQL 17
 postgresql-pltcl-17 - PL/Tcl procedural language for PostgreSQL 17
 postgresql-server-dev-17 - development files for PostgreSQL 17 server-side programming
Closes: 1107984
Changes:
 postgresql-17 (17.6-0+deb13u1) trixie; urgency=medium
 .
   * New upstream version 17.6.
 .
     + Tighten security checks in planner estimation functions
       (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns
       that the calling user does not have permission to read. Two gaps in
       that protection have been found. One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should
       restrict access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via
       a view, and the view owner has permissions to read the underlying
       table but the calling user does not have permissions on the view.
       The view owner's permissions satisfied the security checks, and the
       leaky function would get applied to the underlying table's
       statistics before we check the calling user's permissions on the
       view. This has been fixed by making security checks on views occur
       at the start of planning. That might cause permissions failures to
       occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this
       problem. (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running
       the restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands
       as superuser, the target database installation must trust the source
       server. However, it does not follow that the operating system user
       who executes psql to perform the restore should have to trust the
       source server. The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to
       cause it to emit text that would be interpreted as psql
       meta-commands. That would provide shell-level access to the
       restoring user's own account, independently of access to the target
       database.
 .
       To provide a positive guarantee that this can't happen, extend psql
       with a \restrict command that prevents execution of further
       meta-commands, and teach pg_dump to issue that before any data
       coming from the source server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject
       arbitrary SQL commands into the output script. (Without the
       preceding fix, injection of psql meta-commands would also be
       possible this way.) CVE-2012-0868 fixed this class of problem at the
       time, but later work reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
 .
   * Add Turkish debconf translation by Atila KOÇ, thanks!
     (Closes: #1107984)
   * Drop hurd-iovec patch, implemented upstream.
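
The newline problem described under CVE-2025-8715, as an added Python example that is not part of this upload notice or of PostgreSQL's own code: it builds a pg_dump-style object comment with and without newline conversion, and audits an existing script for comments whose name spilled onto a following line. The function names, the constructed sample names and the handling of carriage returns are assumptions of this example.

```python
import re

# pg_dump plain-text scripts label each object with a comment of this shape:
#   -- Name: <name>; Type: <type>; Schema: <schema>; Owner: <owner>
def header_unsafe(name, objtype, schema, owner):
    """'Before' behaviour: the fields are copied into the comment verbatim."""
    return f"--\n-- Name: {name}; Type: {objtype}; Schema: {schema}; Owner: {owner}\n--\n"

def sanitize(text):
    """Newlines become spaces (treating \\r the same way is this example's assumption)."""
    return re.sub(r"[\r\n]", " ", text)

def header_safe(name, objtype, schema, owner):
    """'After' behaviour: every field is sanitized before it enters the comment."""
    return header_unsafe(*(sanitize(f) for f in (name, objtype, schema, owner)))

def executable_lines(script):
    """Lines a reader of the script would act on: non-blank and not a '--' comment."""
    return [ln for ln in script.split("\n")
            if ln.strip() and not ln.lstrip().startswith("--")]

def split_headers(script):
    """Audit an existing dump: 1-based line numbers of '-- Name:' comments that
    do not reach '; Type:' on the same line, i.e. the name contained a newline."""
    return [i for i, ln in enumerate(script.split("\n"), 1)
            if ln.startswith("-- Name: ") and "; Type: " not in ln]

# Constructed, harmless sample names (not taken from any real dump).
SQL_NAME = "t1\nSELECT 'outside the comment'; --"
META_NAME = "t2\n\\echo outside the comment"

if __name__ == "__main__":
    for name in (SQL_NAME, META_NAME):
        before = header_unsafe(name, "TABLE", "public", "app")
        after = header_safe(name, "TABLE", "public", "app")
        print("before:", executable_lines(before), "split at", split_headers(before))
        print("after: ", executable_lines(after), "split at", split_headers(after))
```

The audit in `split_headers` misses a name that itself contains `; Type: ` before its newline, so it is a quick check on older dump files rather than a guarantee.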