-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Aug 2025 13:03:55 +0200
Source: postgresql-17
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym
 libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5
 libpq5-dbgsym postgresql-17 postgresql-17-dbgsym postgresql-client-17
 postgresql-client-17-dbgsym postgresql-plperl-17 postgresql-plperl-17-dbgsym
 postgresql-plpython3-17 postgresql-plpython3-17-dbgsym postgresql-pltcl-17
 postgresql-pltcl-17-dbgsym postgresql-server-dev-17
 postgresql-server-dev-17-dbgsym
Architecture: armhf
Version: 17.6-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-03)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 17
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-17 - The World's Most Advanced Open Source Relational Database
 postgresql-client-17 - front-end programs for PostgreSQL 17
 postgresql-plperl-17 - PL/Perl procedural language for PostgreSQL 17
 postgresql-plpython3-17 - PL/Python 3 procedural language for PostgreSQL 17
 postgresql-pltcl-17 - PL/Tcl procedural language for PostgreSQL 17
 postgresql-server-dev-17 - development files for PostgreSQL 17 server-side programming
Closes: 1107984
Changes:
 postgresql-17 (17.6-0+deb13u1) trixie; urgency=medium
 .
   * New upstream version 17.6.
 .
     + Tighten security checks in planner estimation functions
       (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns
       that the calling user does not have permission to read. Two gaps in
       that protection have been found. One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should
       restrict access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via
       a view, and the view owner has permissions to read the underlying
       table but the calling user does not have permissions on the view.
       The view owner's permissions satisfied the security checks, and the
       leaky function would get applied to the underlying table's
       statistics before we check the calling user's permissions on the
       view. This has been fixed by making security checks on views occur
       at the start of planning. That might cause permissions failures to
       occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this
       problem. (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running
       the restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands
       as superuser, the target database installation must trust the source
       server. However, it does not follow that the operating system user
       who executes psql to perform the restore should have to trust the
       source server. The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to
       cause it to emit text that would be interpreted as psql
       meta-commands. That would provide shell-level access to the
       restoring user's own account, independently of access to the target
       database.
 .
       To provide a positive guarantee that this can't happen, extend psql
       with a \restrict command that prevents execution of further
       meta-commands, and teach pg_dump to issue that before any data
       coming from the source server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject
       arbitrary SQL commands into the output script. (Without the
       preceding fix, injection of psql meta-commands would also be
       possible this way.) CVE-2012-0868 fixed this class of problem at the
       time, but later work reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
 .
   * Add Turkish debconf translation by Atila KOÇ, thanks!
     (Closes: #1107984)
   * Drop hurd-iovec patch, implemented upstream.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
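
One way to triage a plain-text dump for the risk described in the pg_dump entry of the changelog above (CVE-2025-8714), as an added example that is not part of this upload or of PostgreSQL: it checks that `\restrict` precedes the first SQL statement and lists backslash commands outside COPY data that pg_dump does not write itself. The name `audit_dump` and the sample dump are constructed; the check is a line-start heuristic that does not parse SQL quoting.

```python
import re

# Backslash commands that pg_dump/pg_dumpall write into their own scripts.
EXPECTED = {"restrict", "unrestrict", "connect"}
COPY_START = re.compile(r"^COPY\s.+\sFROM\s+stdin;\s*$", re.IGNORECASE)
META = re.compile(r"^\\(\S*)")


def audit_dump(text):
    """Return (restricted_first, findings) for a plain-text dump script.

    restricted_first: \\restrict appears before the first SQL statement.
    findings: (line_number, line) for backslash commands outside COPY data
    that are not in EXPECTED.
    """
    findings, in_copy = [], False
    restrict_line = first_sql_line = None
    for n, line in enumerate(text.splitlines(), 1):
        if in_copy:
            # COPY rows may start with a backslash (\N, escapes); "\." ends them.
            in_copy = line != "\\."
            continue
        match = META.match(line)
        if match:
            name = match.group(1)
            if name not in EXPECTED:
                findings.append((n, line))
            elif name == "restrict" and restrict_line is None:
                restrict_line = n
        elif line.strip() and not line.startswith("--"):
            if first_sql_line is None:
                first_sql_line = n
            in_copy = bool(COPY_START.match(line))
    restricted_first = restrict_line is not None and (
        first_sql_line is None or restrict_line < first_sql_line)
    return restricted_first, findings


# Constructed sample, not real pg_dump output.
SAMPLE = "\n".join([
    "--", "-- PostgreSQL database dump", "--", "",
    "\\restrict CONSTRUCTEDKEY", "",
    "SET statement_timeout = 0;",
    "COPY public.t (a, b) FROM stdin;", "\\N\t1", "\\.",
    "--", "-- Name: t; Type: TABLE",
    "\\! echo constructed-marker",
    "\\unrestrict CONSTRUCTEDKEY",
])

if __name__ == "__main__":
    print(audit_dump(SAMPLE))
```

A dump with `restricted_first` false was not produced by a fixed pg_dump, so any finding in it deserves review before the script is fed to psql.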