Ubuntu
postgresql-15 package

postgresql-15 15.3-0+deb12u1 source package in Ubuntu

Changelog

postgresql-15 (15.3-0+deb12u1) unstable; urgency=medium

  * New upstream version.

    + Prevent CREATE SCHEMA from defeating changes in search_path
      (Report and fix by Alexander Lakhin, CVE-2023-2454)

      Within a CREATE SCHEMA command, objects in the prevailing search_path,
      as well as those in the newly-created schema, would be visible even
      within a called function or script that attempted to set a secure
      search_path.  This could allow any user having permission to create a
      schema to hijack the privileges of a security definer function or
      extension script.

    + Enforce row-level security policies correctly after inlining a
      set-returning function (Report by Wolfgang Walther, CVE-2023-2455)

      If a set-returning SQL-language function refers to a table having
      row-level security policies, and it can be inlined into a calling query,
      those RLS policies would not get enforced properly in some cases
      involving re-using a cached plan under a different role. This could
      allow a user to see or modify rows that should have been invisible.

 -- Christoph Berg <email address hidden>  Tue, 09 May 2023 19:05:02 +0200

Upload details

Uploaded by:
Debian PostgreSQL Maintainers
Uploaded to:
Sid
Original maintainer:
Debian PostgreSQL Maintainers
Architectures:
any all
Section:
misc
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
postgresql-15_15.3-0+deb12u1.dsc 3.8 KiB d57bfa81859ffb3156a6bf9c626830e9b732726a17448ff44c1696370933965e
postgresql-15_15.3.orig.tar.bz2 21.8 MiB ffc7d4891f00ffbf5c3f4eab7fbbced8460b8c0ee63c5a5167133b9e6599d932
postgresql-15_15.3-0+deb12u1.debian.tar.xz 23.0 KiB a3d5dc516cccc5a32a68a5779ae885e159ed19cb38ebca4c235c0f33befd37ed

Available diffs

No changes file available.

Binary packages built by this source