Format: 1.8
Date: Wed, 13 Aug 2025 13:03:55 +0200
Source: postgresql-17
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-17 postgresql-17-dbgsym postgresql-client-17 postgresql-client-17-dbgsym postgresql-plperl-17 postgresql-plperl-17-dbgsym postgresql-plpython3-17 postgresql-plpython3-17-dbgsym postgresql-pltcl-17 postgresql-pltcl-17-dbgsym postgresql-server-dev-17 postgresql-server-dev-17-dbgsym
Architecture: arm64
Version: 17.6-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-04)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 17
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-17 - The World's Most Advanced Open Source Relational Database
 postgresql-client-17 - front-end programs for PostgreSQL 17
 postgresql-plperl-17 - PL/Perl procedural language for PostgreSQL 17
 postgresql-plpython3-17 - PL/Python 3 procedural language for PostgreSQL 17
 postgresql-pltcl-17 - PL/Tcl procedural language for PostgreSQL 17
 postgresql-server-dev-17 - development files for PostgreSQL 17 server-side programming
Closes: 1107984
Changes:
 postgresql-17 (17.6-0+deb13u1) trixie; urgency=medium
 .
   * New upstream version 17.6.
 .
     + Tighten security checks in planner estimation functions
       (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns
       that the calling user does not have permission to read. Two gaps in
       that protection have been found. One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should
       restrict access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via
       a view, and the view owner has permissions to read the underlying
       table but the calling user does not have permissions on the view.
       The view owner's permissions satisfied the security checks, and the
       leaky function would get applied to the underlying table's
       statistics before we check the calling user's permissions on the
       view. This has been fixed by making security checks on views occur
       at the start of planning. That might cause permissions failures to
       occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this
       problem. (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running
       the restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands
       as superuser, the target database installation must trust the source
       server. However, it does not follow that the operating system user
       who executes psql to perform the restore should have to trust the
       source server. The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to
       cause it to emit text that would be interpreted as psql
       meta-commands. That would provide shell-level access to the
       restoring user's own account, independently of access to the target
       database.
 .
       To provide a positive guarantee that this can't happen, extend psql
       with a \restrict command that prevents execution of further
       meta-commands, and teach pg_dump to issue that before any data
       coming from the source server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject
       arbitrary SQL commands into the output script. (Without the
       preceding fix, injection of psql meta-commands would also be
       possible this way.) CVE-2012-0868 fixed this class of problem at the
       time, but later work reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
 .
   * Add Turkish debconf translation by Atila KOÇ, thanks!
     (Closes: #1107984)
   * Drop hurd-iovec patch, implemented upstream.
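The newline-in-comment problem described for CVE-2025-8715 above, shown as an added example in C that is not part of this upload record and is not pg_dump's own code: an object name is written into a `--` comment first verbatim and then with CR/LF converted to spaces, and a small checker counts how many lines of the result psql would read as input. The function names, the header layout and the sample name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe form: the object name is copied into the "--" comment verbatim. */
void emit_comment_unsafe(char *out, size_t cap, const char *name)
{
    snprintf(out, cap, "-- Name: %s; Type: TABLE\n", name);
}

/* Hardened form: CR and LF in the name become spaces, so the whole
 * header stays on a single comment line. */
void emit_comment_safe(char *out, size_t cap, const char *name)
{
    char clean[256];
    size_t i;

    for (i = 0; name[i] != '\0' && i < sizeof(clean) - 1; i++)
        clean[i] = (name[i] == '\n' || name[i] == '\r') ? ' ' : name[i];
    clean[i] = '\0';
    snprintf(out, cap, "-- Name: %s; Type: TABLE\n", clean);
}

/* Count non-empty lines that do not start with "--", i.e. lines that
 * would be read as SQL or meta-command input rather than as a comment. */
int live_lines(const char *script)
{
    int count = 0;
    const char *p = script;

    while (*p != '\0') {
        size_t len = strcspn(p, "\r\n");
        if (len > 0 && strncmp(p, "--", 2) != 0)
            count++;
        p += len;
        if (*p != '\0')
            p++;                /* step over the line terminator */
    }
    return count;
}

/* Constructed sample name with an embedded newline; the text after the
 * newline is a harmless statement. */
const char SAMPLE_NAME[] = "t1\nSELECT 1;";

int main(void)
{
    char buf[512];

    emit_comment_unsafe(buf, sizeof buf, SAMPLE_NAME);
    printf("unsafe: %d live line(s)\n%s", live_lines(buf), buf);
    emit_comment_safe(buf, sizeof buf, SAMPLE_NAME);
    printf("safe:   %d live line(s)\n%s", live_lines(buf), buf);
    return 0;
}
```

The same `live_lines` check can be pointed at any generated comment header as a regression test: a header that is meant to be pure comment should always score zero.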