Format: 1.8 Date: Tue, 10 Nov 2020 13:45:55 +0100 Source: postgresql-13 Binary: libecpg-compat3 libecpg-dev libecpg6 libpgtypes3 libpq-dev libpq5 postgresql-13 postgresql-client-13 postgresql-plperl-13 postgresql-plpython3-13 postgresql-pltcl-13 postgresql-server-dev-13 Architecture: s390x Version: 13.1-1 Distribution: hirsute-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Christoph Berg Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 13 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-13 - object-relational SQL database, version 13 server postgresql-client-13 - front-end programs for PostgreSQL 13 postgresql-plperl-13 - PL/Perl procedural language for PostgreSQL 13 postgresql-plpython3-13 - PL/Python 3 procedural language for PostgreSQL 13 postgresql-pltcl-13 - PL/Tcl procedural language for PostgreSQL 13 postgresql-server-dev-13 - development files for PostgreSQL 13 server-side programming Closes: 974063 Changes: postgresql-13 (13.1-1) unstable; urgency=medium . * New upstream version. + Fixes timetz regression test failures. (Closes: #974063) . + Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries (Noah Misch) . This is essentially a leak in the security restricted operation sandbox mechanism. An attacker having permission to create non-temporary SQL objects could parlay this leak to execute arbitrary SQL code as a superuser. . The PostgreSQL Project thanks Etienne Stalmans for reporting this problem. (CVE-2020-25695) . + Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb (Tom Lane) . The -d parameter of pg_dump and pg_restore, or the --maintenance-db parameter of the other programs mentioned, can be a connection string containing multiple connection parameters rather than just a database name. In cases where these programs need to initiate additional connections, such as parallel processing or processing of multiple databases, the connection string was forgotten and just the basic connection parameters (database name, host, port, and username) were used for the additional connections. This could lead to connection failures if the connection string included any other essential information, such as non-default SSL or GSS parameters. Worse, the connection might succeed but not be encrypted as intended, or be vulnerable to man-in-the-middle attacks that the intended connection parameters would have prevented. (CVE-2020-25694) . + When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used (Tom Lane) . This avoids cases where reconnection might fail due to omission of relevant parameters, such as non-default SSL or GSS options. Worse, the reconnection might succeed but not be encrypted as intended, or be vulnerable to man-in-the-middle attacks that the intended connection parameters would have prevented. This is largely the same problem as just cited for pg_dump et al, although psql's behavior is more complex since the user may intentionally override some connection parameters. (CVE-2020-25694) . + Prevent psql's \gset command from modifying specially-treated variables (Noah Misch) . \gset without a prefix would overwrite whatever variables the server told it to. Thus, a compromised server could set specially-treated variables such as PROMPT1, giving the ability to execute arbitrary shell code in the user's session. . The PostgreSQL Project thanks Nick Cleaton for reporting this problem. (CVE-2020-25696) . * Show only log files on failure. Checksums-Sha1: 62d6d406fbfe136f4d72c0c06b7d6d418556c26b 55676 libecpg-compat3-dbgsym_13.1-1_s390x.ddeb 185fbef78d2917af6b0f4288eaa4e3ecd0d0c90d 20260 libecpg-compat3_13.1-1_s390x.deb 432c0f3fdbc43b73820601c407b78cd000e23eff 304116 libecpg-dev-dbgsym_13.1-1_s390x.ddeb 61c578f277f4bd7049c95328857f9520204b9957 279268 libecpg-dev_13.1-1_s390x.deb 964081d4eff2a7519ce9d35f12d0092200845971 145944 libecpg6-dbgsym_13.1-1_s390x.ddeb f38dd30cb6df853fdd5376512d3040ffb689014c 58044 libecpg6_13.1-1_s390x.deb e8916f480bf49f8d8ba961a41d1e79ffaff2cece 126992 libpgtypes3-dbgsym_13.1-1_s390x.ddeb 35e66321ab75450141cc791a399691a77cd21239 48896 libpgtypes3_13.1-1_s390x.deb 3c77e9bb09f254df95063213bfee84a7296d71ec 134324 libpq-dev_13.1-1_s390x.deb 2a3d021f578194157b786ca24a136fc78b3ebf75 321664 libpq5-dbgsym_13.1-1_s390x.ddeb 513f73d0f42dae38a61b94166c87d56d35fc5b04 177836 libpq5_13.1-1_s390x.deb bdc327008744e4d025fc72e88a10a9f461b89958 18280064 postgresql-13-dbgsym_13.1-1_s390x.ddeb a986a8128cf75e0d5e03fda26b7aea2d8cc8e6de 14965 postgresql-13_13.1-1_s390x.buildinfo 7c1ed1dfa6e0e099af64119014be719de51e5c89 16435800 postgresql-13_13.1-1_s390x.deb dd81acbfdc9bb22192a6691cebe6ccf81206c736 2681876 postgresql-client-13-dbgsym_13.1-1_s390x.ddeb 47fca63be9e262b3aad7f0b06c79c52ad847de49 1521788 postgresql-client-13_13.1-1_s390x.deb eab30950a6539423817a1ecbeb3a9784ed00fcbe 178804 postgresql-plperl-13-dbgsym_13.1-1_s390x.ddeb 0b4f49d616595772558a1ed49c7f23d08255a3d6 85920 postgresql-plperl-13_13.1-1_s390x.deb f1ce0348398e02d50c2cd41c753f035088f0a0a1 171980 postgresql-plpython3-13-dbgsym_13.1-1_s390x.ddeb 000a287f719c09e0ebce1bae82205df3e51e98f4 102384 postgresql-plpython3-13_13.1-1_s390x.deb 9abfd406fe2aca09b8e15976cb2c12e2a5d1e957 78820 postgresql-pltcl-13-dbgsym_13.1-1_s390x.ddeb 5278e173328630a367d02dbd2d0453f4e12b4ed5 37304 postgresql-pltcl-13_13.1-1_s390x.deb 2504f6a42ea8cd320d013b67f14eb98af12028b4 995712 postgresql-server-dev-13_13.1-1_s390x.deb Checksums-Sha256: f231c22bcf09b2e8bc9c56f315a9b20b4d69c96bab866e907f1e489a3f4da37f 55676 libecpg-compat3-dbgsym_13.1-1_s390x.ddeb a0cfcc2a46f23dfc38a5a612ce008743246d96458335a0e8e11f74f870f31af2 20260 libecpg-compat3_13.1-1_s390x.deb bafbdbc079baed443efec66d3d99644d6aff1e2e6af87c9aef8f974c075bda88 304116 libecpg-dev-dbgsym_13.1-1_s390x.ddeb 8cfc940be110503081490754e8a949413a748207db63807197c36872550f9415 279268 libecpg-dev_13.1-1_s390x.deb b81ce5a22b534f2610f6478980edc3ea85e9e14c55976bd97ff5fd49dd8b5d56 145944 libecpg6-dbgsym_13.1-1_s390x.ddeb c9b0d1c6c3854e69381c9d055c1766b145a0b6beebc18d05972ca4c9bcfa2472 58044 libecpg6_13.1-1_s390x.deb 446123ae2bdc10648c7bd28ffc086fc02360efdffdd3324c2042b76c81fa382d 126992 libpgtypes3-dbgsym_13.1-1_s390x.ddeb 8d6a9d70148edc029a92725607d11fb084e1d11d39a6c3c63687d56685922ac9 48896 libpgtypes3_13.1-1_s390x.deb b202b78692fba8e52b2465e364099ee163502e70151d63d2a05587f364f3af2f 134324 libpq-dev_13.1-1_s390x.deb 7ea4299cf656e440bb7bdfa4255504e9656a748ec58f19d1240943805385700b 321664 libpq5-dbgsym_13.1-1_s390x.ddeb be28a4698c554730f83db26051f3cce50784288b4971cbe7770644b9aec9cf8a 177836 libpq5_13.1-1_s390x.deb e46a2a7244bc57bad991dff9d81d7918a2d9363305f562fbf486b768be62bafd 18280064 postgresql-13-dbgsym_13.1-1_s390x.ddeb 8b4ad9cb4f8e33747520938ce24699fd33700a53946106ccf8ce291819dfe08c 14965 postgresql-13_13.1-1_s390x.buildinfo e7399b7a4e99eb2182527a825d57be38dd12deefdd27f674a0481eb707c9cbfa 16435800 postgresql-13_13.1-1_s390x.deb 08022cb4ad111a370b4c2c36b731181c3c7b85340c6c5e427298c43580b49a2d 2681876 postgresql-client-13-dbgsym_13.1-1_s390x.ddeb e4b9ebf583a7a854ec055c71c41fbef9a5428bbcd8ba1516dbd2d32e5774cff3 1521788 postgresql-client-13_13.1-1_s390x.deb 808604a3e0704fc416930fcf1fcc57bfadcbf7e4e809be19d5cc92caea1e8b4a 178804 postgresql-plperl-13-dbgsym_13.1-1_s390x.ddeb de5ad2bb99ae7f2a3c21c0874346d2b5983325d27558d561407c2530c982f245 85920 postgresql-plperl-13_13.1-1_s390x.deb 30dccd10bc67671ac3742f9d71be5023b494a7e826c9be439330c9b428f2f378 171980 postgresql-plpython3-13-dbgsym_13.1-1_s390x.ddeb 40107e1b896abbb4463e3e3e4cd76e83070737fc90afab1daef66978ef85cf74 102384 postgresql-plpython3-13_13.1-1_s390x.deb 13bf7b57eb6a0421ad466ed92de9642c98f45ca48d1bc19d6e5761df4b44fab4 78820 postgresql-pltcl-13-dbgsym_13.1-1_s390x.ddeb 4f391f1b52d3a1c37196a46500714530fbe66009ba2863089b86a128356d0b40 37304 postgresql-pltcl-13_13.1-1_s390x.deb 0bea4aad3753d07fb907dee28054721bf294d4030c98eb041690df831a47e02e 995712 postgresql-server-dev-13_13.1-1_s390x.deb Files: 8abe9d1d18c655566845e8bd950424e4 55676 debug optional libecpg-compat3-dbgsym_13.1-1_s390x.ddeb 20f84945d525e626b83fd22956bb92e9 20260 libs optional libecpg-compat3_13.1-1_s390x.deb f1e3b360e2a1ff01c5fd8017750a176b 304116 debug optional libecpg-dev-dbgsym_13.1-1_s390x.ddeb c033359020f09e1e7e46f2a1d090f596 279268 libdevel optional libecpg-dev_13.1-1_s390x.deb baf44076278e236b490c5f4359811dbe 145944 debug optional libecpg6-dbgsym_13.1-1_s390x.ddeb 08c16b16326614bfca87bf278a7a9b1a 58044 libs optional libecpg6_13.1-1_s390x.deb cd86f3fa81fb17e027ab5537697f7b92 126992 debug optional libpgtypes3-dbgsym_13.1-1_s390x.ddeb 8a64be24873e9d9834ac28017e407468 48896 libs optional libpgtypes3_13.1-1_s390x.deb f0cd10cafb067169c23bcb31cc293842 134324 libdevel optional libpq-dev_13.1-1_s390x.deb 3fa1e7b2a70fe809d5be9a56b83ba741 321664 debug optional libpq5-dbgsym_13.1-1_s390x.ddeb 9035cb641457550e714f1b2f049b1cb8 177836 libs optional libpq5_13.1-1_s390x.deb 4612fe129c030ba02606881db6feaf44 18280064 debug optional postgresql-13-dbgsym_13.1-1_s390x.ddeb 75cfad6ae27fa7b80401825d83b9d1c5 14965 database optional postgresql-13_13.1-1_s390x.buildinfo 363813f79c8f9bee4bd8bbcda63e5612 16435800 database optional postgresql-13_13.1-1_s390x.deb a4b5483ba56d5499820622ec87d41c19 2681876 debug optional postgresql-client-13-dbgsym_13.1-1_s390x.ddeb 131d560aeb9c217dbeb70f627243ac5b 1521788 database optional postgresql-client-13_13.1-1_s390x.deb 5257d06f3d68583342a7890f73054282 178804 debug optional postgresql-plperl-13-dbgsym_13.1-1_s390x.ddeb 3de12c7655c7aac0d46759ab2b2c7e80 85920 database optional postgresql-plperl-13_13.1-1_s390x.deb 99e96903ab1659d6f51619caefea0bc7 171980 debug optional postgresql-plpython3-13-dbgsym_13.1-1_s390x.ddeb 2974dac8d51a194c69457177e68c71ac 102384 database optional postgresql-plpython3-13_13.1-1_s390x.deb b683dba4c9c0eb2549e530b030e9b20d 78820 debug optional postgresql-pltcl-13-dbgsym_13.1-1_s390x.ddeb b3c25c26e2ceb8a7e4e83fa695ce6955 37304 database optional postgresql-pltcl-13_13.1-1_s390x.deb 69ba4c3fdffe715c17c69f0e3bff2a0d 995712 libdevel optional postgresql-server-dev-13_13.1-1_s390x.deb