Format: 1.8
Date: Tue, 12 Nov 2024 15:06:10 +0100
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym
 libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5
 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15
 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym
 postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15
 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: ppc64el
Version: 15.9-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.9-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.9.
 .
     + Ensure cached plans are marked as dependent on the calling role when
       RLS applies to a non-top-level table reference (Nathan Bossart)
 .
       If a CTE, subquery, sublink, security invoker view, or coercion
       projection in a query references a table with row-level security
       policies, we neglected to mark the resulting plan as potentially
       dependent on which role is executing it. This could lead to later
       query executions in the same session using the wrong plan, and then
       returning or hiding rows that should have been hidden or returned
       instead.
 .
       The PostgreSQL Project thanks Wolfgang Walther for reporting this
       problem. (CVE-2024-10976)
 .
     + Make libpq discard error messages received during SSL or GSS protocol
       negotiation (Jacob Champion)
 .
       An error message received before encryption negotiation is completed
       might have been injected by a man-in-the-middle, rather than being
       real server output. Reporting it opens the door to various security
       hazards; for example, the message might spoof a query result that a
       careless user could mistake for correct output. The best answer seems
       to be to discard such data and rely only on libpq's own report of the
       connection failure.
 .
       The PostgreSQL Project thanks Jacob Champion for reporting this
       problem. (CVE-2024-10977)
 .
     + Fix unintended interactions between SET SESSION AUTHORIZATION and SET
       ROLE (Tom Lane)
 .
       The SQL standard mandates that SET SESSION AUTHORIZATION have a
       side-effect of doing SET ROLE NONE. Our implementation of that was
       flawed, creating more interaction between the two settings than
       intended. Notably, rolling back a transaction that had done SET
       SESSION AUTHORIZATION would revert ROLE to NONE even if that had not
       been the previous state, so that the effective user ID might now be
       different from what it had been before the transaction. Transiently
       setting session_authorization in a function SET clause had a similar
       effect. A related bug was that if a parallel worker inspected
       current_setting('role'), it saw none even when it should see
       something else.
 .
       The PostgreSQL Project thanks Tom Lane for reporting this problem.
       (CVE-2024-10978)
 .
     + Prevent trusted PL/Perl code from changing environment variables
       (Andrew Dunstan, Noah Misch)
 .
       The ability to manipulate process environment variables such as PATH
       gives an attacker opportunities to execute arbitrary code. Therefore,
       trusted PLs must not offer the ability to do that. To fix plperl,
       replace %ENV with a tied hash that rejects any modification attempt
       with a warning. Untrusted plperlu retains the ability to change the
       environment.
 .
       The PostgreSQL Project thanks Coby Abrams for reporting this problem.
       (CVE-2024-10979)
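
The tied-hash technique named in the CVE-2024-10979 entry, sketched in plain Perl as an added example (not the PL/Perl source and not part of the original upload notice). The GuardedEnv package, the %guarded hash and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# GuardedEnv (hypothetical name): a hash whose reads work normally and whose
# writes are refused with a warning, built on Perl's tie() interface.
package GuardedEnv;
require Tie::Hash;
our @ISA = ('Tie::StdHash');   # supplies FETCH, EXISTS, FIRSTKEY, NEXTKEY

# The tied object is a private copy of the values passed to tie().
sub TIEHASH {
    my ($class, %snapshot) = @_;
    return bless \%snapshot, $class;
}

# All three write paths warn and leave the copy untouched.
sub STORE  { warn "blocked write to key '$_[1]'\n";  return }
sub DELETE { warn "blocked delete of key '$_[1]'\n"; return }
sub CLEAR  { warn "blocked clear of whole hash\n";   return }

package main;

# Constructed sample values, so the result does not depend on the caller's
# environment. The real %ENV also carries magic that pushes writes into the
# process environment; a plain hash is used here to show only the tie layer.
my %sample = (PATH => '/usr/bin:/bin', LANG => 'C.UTF-8');
tie my %guarded, 'GuardedEnv', %sample;

# Capture warnings so the script can report exactly what was refused.
my @refused;
$SIG{__WARN__} = sub { push @refused, $_[0] };

$guarded{PATH} = '/tmp/untrusted';   # element assignment -> STORE
$guarded{NEWVAR} = 'x';              # new key            -> STORE
delete $guarded{LANG};               # deletion           -> DELETE
%guarded = ();                       # wholesale reset    -> CLEAR

print "refused: $_" for @refused;
print "PATH = $guarded{PATH}\n";
print "keys = ", join(',', sort keys %guarded), "\n";
```

Because the guard sits on the hash's write methods, every assignment, delete and clear passes through it, while reads still return the values captured when the hash was tied.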