summaryrefslogtreecommitdiffstats
path: root/debian/changelog
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 12:18:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 12:18:10 +0000
commit9edd592bb5115412a6e91e094e87b2d8c29b9804 (patch)
tree1afb819d792f9f3055d0b60174899f5df6dac93f /debian/changelog
parentMerging upstream version 15.6. (diff)
downloadpostgresql-15-9edd592bb5115412a6e91e094e87b2d8c29b9804.tar.xz
postgresql-15-9edd592bb5115412a6e91e094e87b2d8c29b9804.zip
Merging debian version 15.6-0+deb12u1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/changelog19
1 files changed, 19 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 85ea393..e15871f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
+postgresql-15 (15.6-0+deb12u1) bookworm-security; urgency=medium
+
+ * New upstream version.
+
+ * Tighten security restrictions within REFRESH MATERIALIZED VIEW
+ CONCURRENTLY (Heikki Linnakangas)
+
+ One step of a concurrent refresh command was run under weak security
+ restrictions. If a materialized view's owner could persuade a superuser
+ or other high-privileged user to perform a concurrent refresh on that
+ view, the view's owner could control code executed with the privileges
+ of the user running REFRESH. Fix things so that all user-determined code
+ is run as the view's owner, as expected.
+
+ The PostgreSQL Project thanks Pedro Gallegos for reporting this problem.
+ (CVE-2024-0985)
+
+ -- Christoph Berg <myon@debian.org> Tue, 06 Feb 2024 13:37:19 +0100
+
postgresql-15 (15.5-0+deb12u1~progress6.99u1) fuchur-backports; urgency=medium
* Initial reupload to fuchur-backports.