-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 Aug 2024 15:24:37 +0200
Source: postgresql-15
Binary: postgresql-doc-15
Architecture: all
Version: 15.8-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02)
Changed-By: Christoph Berg
Description:
 postgresql-doc-15 - documentation for the PostgreSQL database management system
Changes:
 postgresql-15 (15.8-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version.
 .
     + Prevent unauthorized code execution during pg_dump (Masahiko Sawada)
 .
       An attacker able to create and drop non-temporary objects could
       inject SQL code that would be executed by a concurrent pg_dump
       session with the privileges of the role running pg_dump (which is
       often a superuser). The attack involves replacing a sequence or
       similar object with a view or foreign table that will execute
       malicious code. To prevent this, introduce a new server parameter
       restrict_nonsystem_relation_kind that can disable expansion of
       non-builtin views as well as access to foreign tables, and teach
       pg_dump to set it when available. Note that the attack is
       prevented only if both pg_dump and the server it is dumping from
       are new enough to have this fix.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this
       problem. (CVE-2024-7348)
 .
   * Refresh debian/patches/focal-arm64-outline-atomics.
Checksums-Sha1:
 f820f4e584daf9ba3816e6e47723f34babc642fd 10355 postgresql-15_15.8-0+deb12u1_all-buildd.buildinfo
 9e7a4fe7e15b9240a486b3aa93b7a6d1cc50948f 2043012 postgresql-doc-15_15.8-0+deb12u1_all.deb
Checksums-Sha256:
 7e11df59cbbb37d8fa9d48b157e6d871f3292a4f0e9621ca4a1138a8a1c09eb5 10355 postgresql-15_15.8-0+deb12u1_all-buildd.buildinfo
 9540abf01606cc8993ffb4f6c875de27ca130eeda7d51814afacf11a5d0e607d 2043012 postgresql-doc-15_15.8-0+deb12u1_all.deb
Files:
 bee3c699c7827b530bc6cf596d1115b9 10355 database optional postgresql-15_15.8-0+deb12u1_all-buildd.buildinfo
 53ec4b05468e19f08baa2c03ab32958f 2043012 doc optional postgresql-doc-15_15.8-0+deb12u1_all.deb