Univention Bugzilla – Bug 49453
postgresql-9.6: Multiple issues (4.4)
Last modified: 2019-05-15 14:52:35 CEST
New Debian postgresql-9.6 9.6.13-0+deb9u1 fixes: This update addresses the following issue: * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * 9.6.12-0+deb9u1 (Fri, 15 Feb 2019 15:26:24 +0100) * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. * postgresql-9.6 (CVE-2019-10130)
--- mirror/ftp/4.4/unmaintained/4.4-0/source/postgresql-9.6_9.6.11-0+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/postgresql-9.6_9.6.13-0+deb9u1.dsc @@ -1,3 +1,29 @@ +9.6.13-0+deb9u1 [Tue, 07 May 2019 12:51:42 +0200] Christoph Berg <myon@debian.org>: + + * New upstream version. + + Prevent row-level security policies from being bypassed via selectivity + estimators (Dean Rasheed) + + Some of the planner's selectivity estimators apply user-defined + operators to values found in pg_statistic (e.g., most-common values). + A leaky operator therefore can disclose some of the entries in a data + column, even if the calling user lacks permission to read that column. + In CVE-2017-7484 we added restrictions to forestall that, but we failed + to consider the effects of row-level security. A user who has SQL + permission to read a column, but who is forbidden to see certain rows + due to RLS policy, might still learn something about those rows' + contents via a leaky operator. This patch further tightens the rules, + allowing leaky operators to be applied to statistics data only when + there is no relevant RLS policy. (CVE-2019-10130) + + * Move maintainer address to tracker. + +9.6.12-0+deb9u1 [Fri, 15 Feb 2019 15:26:24 +0100] Christoph Berg <christoph.berg@credativ.de>: + + * New upstream version. + * Revert upstream patch "Disallow setting client_min_messages higher than + ERROR", it causes to much disruption to existing (test) scripts. + 9.6.11-0+deb9u1 [Thu, 24 Jan 2019 14:36:40 +0100] Christoph Berg <christoph.berg@credativ.de>: * New upstream version. <http://10.200.17.11/4.4-0/#2554061016322997059>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-0] 1bdfecbaef Bug #49453: postgresql-9.6 9.6.13-0+deb9u1 doc/errata/staging/postgresql-9.6.yaml | 54 ++-------------------------------- 1 file changed, 2 insertions(+), 52 deletions(-) [4.4-0] 41874ea4da Bug #49453: postgresql-9.6 9.6.13-0+deb9u1 doc/errata/staging/postgresql-9.6.yaml | 64 ++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+)
<http://errata.software-univention.de/ucs/4.4/95.html>