diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 12:18:10 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 12:18:10 +0000 |
| commit | 9edd592bb5115412a6e91e094e87b2d8c29b9804 (patch) | |
| tree | 1afb819d792f9f3055d0b60174899f5df6dac93f | |
| parent | Merging upstream version 15.6. (diff) | |
| download | postgresql-15-9edd592bb5115412a6e91e094e87b2d8c29b9804.tar.xz postgresql-15-9edd592bb5115412a6e91e094e87b2d8c29b9804.zip | |
Merging debian version 15.6-0+deb12u1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
| -rw-r--r-- | debian/changelog | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 85ea393..e15871f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,22 @@ +postgresql-15 (15.6-0+deb12u1) bookworm-security; urgency=medium + + * New upstream version. + + * Tighten security restrictions within REFRESH MATERIALIZED VIEW + CONCURRENTLY (Heikki Linnakangas) + + One step of a concurrent refresh command was run under weak security + restrictions. If a materialized view's owner could persuade a superuser + or other high-privileged user to perform a concurrent refresh on that + view, the view's owner could control code executed with the privileges + of the user running REFRESH. Fix things so that all user-determined code + is run as the view's owner, as expected. + + The PostgreSQL Project thanks Pedro Gallegos for reporting this problem. + (CVE-2024-0985) + + -- Christoph Berg <myon@debian.org> Tue, 06 Feb 2024 13:37:19 +0100 + postgresql-15 (15.5-0+deb12u1~progress6.99u1) fuchur-backports; urgency=medium * Initial reupload to fuchur-backports. |