Univention Bugzilla – Full Text Bug Listing |
Summary: | postgresql-9.6: Multiple issues (4.4) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.4 | ||
Target Milestone: | UCS 4.4-3-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 3.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N) |
Description
Quality Assurance
2020-02-27 15:30:26 CET
--- mirror/ftp/4.4/unmaintained/4.4-2/source/postgresql-9.6_9.6.15-0+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-3/source/postgresql-9.6_9.6.17-0+deb9u1.dsc @@ -1,3 +1,18 @@ +9.6.17-0+deb9u1 [Tue, 11 Feb 2020 14:31:19 +0100] Christoph Berg <myon@debian.org>: + + * New upstream version. + + Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION. + + Marking an object as dependent on an extension did not have any + privilege check whatsoever. This oversight allowed any user to mark + routines, triggers, materialized views, or indexes as droppable by + anyone able to drop an extension. Require that the calling user own the + specified object (and hence have privilege to drop it). (CVE-2020-1720) + +9.6.16-0+deb9u1 [Mon, 18 Nov 2019 11:25:55 +0100] Christoph Berg <myon@debian.org>: + + * New upstream version. + 9.6.15-0+deb9u1 [Thu, 08 Aug 2019 15:55:21 +0200] Christoph Berg <myon@debian.org>: * New upstream security release. <http://10.200.17.11/4.4-3/#5206621135469462871> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-3] cc02e309e4 Bug #50862: postgresql-9.6 9.6.17-0+deb9u1 doc/errata/staging/postgresql-9.6.yaml | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) [4.4-3] bc74fdfd00 Bug #50862: postgresql-9.6 9.6.17-0+deb9u1 doc/errata/staging/postgresql-9.6.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) |