-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 Nov 2024 15:06:10 +0100
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: armhf
Version: 15.9-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-01) <buildd_arm64-arm-conova-01@buildd.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.9-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.9.
 .
     + Ensure cached plans are marked as dependent on the calling role when RLS
       applies to a non-top-level table reference (Nathan Bossart)
 .
       If a CTE, subquery, sublink, security invoker view, or coercion
       projection in a query references a table with row-level security
       policies, we neglected to mark the resulting plan as potentially
       dependent on which role is executing it.  This could lead to later query
       executions in the same session using the wrong plan, and then returning
       or hiding rows that should have been hidden or returned instead.
 .
       The PostgreSQL Project thanks Wolfgang Walther for reporting this
       problem. (CVE-2024-10976)
 .
     + Make libpq discard error messages received during SSL or GSS protocol
       negotiation (Jacob Champion)
 .
       An error message received before encryption negotiation is completed
       might have been injected by a man-in-the-middle, rather than being real
       server output.  Reporting it opens the door to various security hazards;
       for example, the message might spoof a query result that a careless user
       could mistake for correct output.  The best answer seems to be to
       discard such data and rely only on libpq's own report of the connection
       failure.
 .
       The PostgreSQL Project thanks Jacob Champion for reporting this problem.
       (CVE-2024-10977)
 .
     + Fix unintended interactions between SET SESSION AUTHORIZATION and SET
       ROLE (Tom Lane)
 .
       The SQL standard mandates that SET SESSION AUTHORIZATION have a
       side-effect of doing SET ROLE NONE.  Our implementation of that was
       flawed, creating more interaction between the two settings than
       intended. Notably, rolling back a transaction that had done SET SESSION
       AUTHORIZATION would revert ROLE to NONE even if that had not been the
       previous state, so that the effective user ID might now be different
       from what it had been before the transaction.  Transiently setting
       session_authorization in a function SET clause had a similar effect. A
       related bug was that if a parallel worker inspected
       current_setting('role'), it saw none even when it should see something
       else.
 .
       The PostgreSQL Project thanks Tom Lane for reporting this problem.
       (CVE-2024-10978)
 .
     + Prevent trusted PL/Perl code from changing environment variables
       (Andrew Dunstan, Noah Misch)
 .
       The ability to manipulate process environment variables such as PATH
       gives an attacker opportunities to execute arbitrary code.  Therefore,
       trusted PLs must not offer the ability to do that.  To fix plperl,
       replace %ENV with a tied hash that rejects any modification attempt with
       a warning. Untrusted plperlu retains the ability to change the
       environment.
 .
       The PostgreSQL Project thanks Coby Abrams for reporting this problem.
       (CVE-2024-10979)
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
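
The libpq change listed under Changes above (CVE-2024-10977) is illustrated here for the SSLRequest case only, as an added example that is not code from libpq or from the Debian package. The function names, the `trust_cleartext_errors` switch and the local failure wording are assumptions made for the illustration; the packet layouts follow the PostgreSQL wire protocol.

```python
import struct

SSL_REQUEST_CODE = 80877103  # request code carried in an SSLRequest packet
# Wording below is this example's own, not libpq's actual message text.
LOCAL_FAILURE = "SSL negotiation failed (server reply discarded)"


def build_ssl_request() -> bytes:
    """SSLRequest: Int32 length (always 8) followed by the Int32 request code."""
    return struct.pack("!II", 8, SSL_REQUEST_CODE)


def make_error_response(text: str) -> bytes:
    """Build an ErrorResponse ('E', Int32 length, fields, NUL) for the demo."""
    body = b"SERROR\x00" + b"M" + text.encode() + b"\x00" + b"\x00"
    return b"E" + struct.pack("!I", 4 + len(body)) + body


def parse_error_fields(packet: bytes) -> dict:
    """Decode the (one-byte code, NUL-terminated string) fields of an ErrorResponse."""
    (length,) = struct.unpack("!I", packet[1:5])
    body = packet[5:1 + length]
    return {chr(f[0]): f[1:].decode("utf-8", "replace")
            for f in body.split(b"\x00") if f}


def negotiate(reply: bytes, trust_cleartext_errors: bool):
    """Return (action, message_shown_to_user) for the reply to an SSLRequest."""
    kind = reply[:1]
    if kind == b"S":
        return ("start_tls", None)   # server agreed; TLS handshake comes next
    if kind == b"N":
        return ("no_tls", None)      # server declined; caller applies sslmode policy
    if kind == b"E" and trust_cleartext_errors:
        # Old behaviour: text from an unauthenticated channel reaches the user.
        return ("failed", parse_error_fields(reply).get("M"))
    # Fixed behaviour: drop the payload and report only what the client knows.
    return ("failed", LOCAL_FAILURE)


# Constructed sample: a reply that anyone on the network path could have sent.
SPOOFED_TEXT = "constructed text that did not come from the real server"
INJECTED = make_error_response(SPOOFED_TEXT)

if __name__ == "__main__":
    print("before:", negotiate(INJECTED, trust_cleartext_errors=True))
    print("after: ", negotiate(INJECTED, trust_cleartext_errors=False))
```

With the switch off, nothing received before encryption is established can reach the user, which is the property the changelog entry describes.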