Format: 1.8
Date: Wed, 13 Aug 2025 13:03:55 +0200
Source: postgresql-17
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-17 postgresql-17-dbgsym postgresql-client-17 postgresql-client-17-dbgsym postgresql-plperl-17 postgresql-plperl-17-dbgsym postgresql-plpython3-17 postgresql-plpython3-17-dbgsym postgresql-pltcl-17 postgresql-pltcl-17-dbgsym postgresql-server-dev-17 postgresql-server-dev-17-dbgsym
Architecture: riscv64
Version: 17.6-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: riscv64 Build Daemon (rv-manda-01)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 17
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-17 - The World's Most Advanced Open Source Relational Database
 postgresql-client-17 - front-end programs for PostgreSQL 17
 postgresql-plperl-17 - PL/Perl procedural language for PostgreSQL 17
 postgresql-plpython3-17 - PL/Python 3 procedural language for PostgreSQL 17
 postgresql-pltcl-17 - PL/Tcl procedural language for PostgreSQL 17
 postgresql-server-dev-17 - development files for PostgreSQL 17 server-side programming
Closes: 1107984
Changes:
 postgresql-17 (17.6-0+deb13u1) trixie; urgency=medium
 .
   * New upstream version 17.6.
 .
     + Tighten security checks in planner estimation functions
       (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns
       that the calling user does not have permission to read. Two gaps in
       that protection have been found. One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should
       restrict access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via
       a view, and the view owner has permissions to read the underlying
       table but the calling user does not have permissions on the view.
       The view owner's permissions satisfied the security checks, and the
       leaky function would get applied to the underlying table's
       statistics before we check the calling user's permissions on the
       view. This has been fixed by making security checks on views occur
       at the start of planning. That might cause permissions failures to
       occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this
       problem.
       (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running
       the restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands
       as superuser, the target database installation must trust the source
       server. However, it does not follow that the operating system user
       who executes psql to perform the restore should have to trust the
       source server. The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to
       cause it to emit text that would be interpreted as psql
       meta-commands. That would provide shell-level access to the
       restoring user's own account, independently of access to the target
       database.
 .
       To provide a positive guarantee that this can't happen, extend psql
       with a \restrict command that prevents execution of further
       meta-commands, and teach pg_dump to issue that before any data
       coming from the source server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem.
       (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject
       arbitrary SQL commands into the output script. (Without the
       preceding fix, injection of psql meta-commands would also be
       possible this way.) CVE-2012-0868 fixed this class of problem at the
       time, but later work reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
 .
   * Add Turkish debconf translation by Atila KOÇ, thanks!
     (Closes: #1107984)
   * Drop hurd-iovec patch, implemented upstream.
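
A pre-restore check built on the \restrict fix in the CVE-2025-8714 entry above, added here as an example (it is not code from PostgreSQL or from this Debian package): it rejects a plain-text dump unless the first thing psql would act on is \restrict, since a script without it gives the restoring user no protection against meta-commands. The function name, the sample dumps and their layout are assumptions; \unrestrict is the psql command that leaves restricted mode with the same key and is not mentioned in the changelog.

```python
import re

# The key given to \restrict may contain only alphanumeric characters.
RESTRICT = re.compile(r"\\restrict\s+([A-Za-z0-9]+)\s*")
UNRESTRICT = re.compile(r"\\unrestrict\s+([A-Za-z0-9]+)\s*")

# Constructed sample: a single-database plain-text dump written with the fix.
PATCHED = r"""--
-- PostgreSQL database dump
--

\restrict Kx7ExampleKey42

SET statement_timeout = 0;
CREATE TABLE public.t (id integer);

\unrestrict Kx7ExampleKey42
"""
# Constructed: the same script as a dump writer without the fix would emit it.
UNGUARDED = re.sub(r"(?m)^\\(?:un)?restrict .*\n", "", PATCHED)
# Constructed: the guarded script cut off before its closing line.
TRUNCATED = PATCHED[:PATCHED.index("\\unrestrict")]


def check_restrict_guard(script: str):
    """Return (ok, reason) for a plain-text dump about to be fed to psql."""
    lines = [ln.strip() for ln in re.split(r"\r?\n", script)]
    key = None
    for number, line in enumerate(lines, start=1):
        # At the top of the script, blank lines and whole-line "--" comments
        # cannot carry a statement or a meta-command, so they are skipped.
        if not line or line.startswith("--"):
            continue
        opener = RESTRICT.fullmatch(line)
        if opener is None:
            return False, f"line {number}: content before \\restrict: {line[:40]!r}"
        key = opener.group(1)
        break
    if key is None:
        return False, "no \\restrict found"
    # Restricted mode must also be closed with the same key; a missing or
    # mismatched closer points to a truncated or altered script.
    closers = [UNRESTRICT.fullmatch(ln) for ln in lines]
    if not any(c and c.group(1) == key for c in closers):
        return False, "no \\unrestrict carrying the opening key"
    return True, "restricted mode is entered before any other content"
```

The check covers the single-database pg_dump case only and does not replace psql's own enforcement; it is a gate to run before a dump from another party reaches psql.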