-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 07 May 2019 12:51:42 +0200
Source: postgresql-9.6
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.6 postgresql-9.6-dbg postgresql-client-9.6 postgresql-server-dev-9.6 postgresql-doc-9.6 postgresql-contrib-9.6 postgresql-plperl-9.6 postgresql-plpython-9.6 postgresql-plpython3-9.6 postgresql-pltcl-9.6
Architecture: amd64
Version: 9.6.13-0+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: amd64 Build Daemon (binet) <buildd-binet@buildd.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
libecpg-compat3 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg6 - run-time library for ECPG programs
libpgtypes3 - shared library libpgtypes for PostgreSQL 9.6
libpq-dev - header files for libpq5 (PostgreSQL library)
libpq5 - PostgreSQL C client library
postgresql-9.6 - object-relational SQL database, version 9.6 server
postgresql-9.6-dbg - debug symbols for postgresql-9.6
postgresql-client-9.6 - front-end programs for PostgreSQL 9.6
postgresql-contrib-9.6 - additional facilities for PostgreSQL
postgresql-doc-9.6 - documentation for the PostgreSQL database management system
postgresql-plperl-9.6 - PL/Perl procedural language for PostgreSQL 9.6
postgresql-plpython-9.6 - PL/Python procedural language for PostgreSQL 9.6
postgresql-plpython3-9.6 - PL/Python 3 procedural language for PostgreSQL 9.6
postgresql-pltcl-9.6 - PL/Tcl procedural language for PostgreSQL 9.6
postgresql-server-dev-9.6 - development files for PostgreSQL 9.6 server-side programming
Changes:
postgresql-9.6 (9.6.13-0+deb9u1) stretch-security; urgency=medium
.
* New upstream version.
+ Prevent row-level security policies from being bypassed via selectivity
estimators (Dean Rasheed)
.
Some of the planner's selectivity estimators apply user-defined
operators to values found in pg_statistic (e.g., most-common values).
A leaky operator therefore can disclose some of the entries in a data
column, even if the calling user lacks permission to read that column.
In CVE-2017-7484 we added restrictions to forestall that, but we failed
to consider the effects of row-level security. A user who has SQL
permission to read a column, but who is forbidden to see certain rows
due to RLS policy, might still learn something about those rows'
contents via a leaky operator. This patch further tightens the rules,
allowing leaky operators to be applied to statistics data only when
there is no relevant RLS policy. (CVE-2019-10130)
.
* Move maintainer address to tracker.
Checksums-Sha1:
cf120c253955fb5d4303f8c3c0327c9784ba6999 18608 libecpg-compat3_9.6.13-0+deb9u1_amd64.deb
742ebefae2938a17ab8d7d6f298f18d7b20dfd26 229754 libecpg-dev_9.6.13-0+deb9u1_amd64.deb
2caaafd93ced42422302a2a537a87a7e1df16347 85380 libecpg6_9.6.13-0+deb9u1_amd64.deb
dc2f12d817bd1856d4c6a4905d416cee6dc585d3 40862 libpgtypes3_9.6.13-0+deb9u1_amd64.deb
1820822539007b1a85bd648f6fec4ad9e68c06fe 215968 libpq-dev_9.6.13-0+deb9u1_amd64.deb
183f862eed4e89bb4f43a14462624c3bc8686d7a 136392 libpq5_9.6.13-0+deb9u1_amd64.deb
bcf59fabd4a19d3bf4be0de99592fa97679d2674 16243418 postgresql-9.6-dbg_9.6.13-0+deb9u1_amd64.deb
716b202c89c5bb9a2f8b42bf30545500264bc492 13130 postgresql-9.6_9.6.13-0+deb9u1_amd64.buildinfo
62b0b26ed79dd561a686351318f12953566193ca 4292586 postgresql-9.6_9.6.13-0+deb9u1_amd64.deb
0ad8e2ca0c7ce901a7c6bbff447e366f925f64db 1278032 postgresql-client-9.6_9.6.13-0+deb9u1_amd64.deb
2e900b6983638f00dfc81e2f7b3cbf2554695042 500200 postgresql-contrib-9.6_9.6.13-0+deb9u1_amd64.deb
f1f42024e42936da74008a5eeb77e695aeafa6d8 61648 postgresql-plperl-9.6_9.6.13-0+deb9u1_amd64.deb
f8d93fe158c3e17d5982ffb4cbbc63a8a7478ab6 53064 postgresql-plpython-9.6_9.6.13-0+deb9u1_amd64.deb
18b16d685591b54a5f5b339ae6deecaef6d67011 51608 postgresql-plpython3-9.6_9.6.13-0+deb9u1_amd64.deb
8bd1280cd555e76f08fab4a0c76941c47f17fcd5 40548 postgresql-pltcl-9.6_9.6.13-0+deb9u1_amd64.deb
32a50bd013d5702e9108f7bd793d44d3f01803a2 770014 postgresql-server-dev-9.6_9.6.13-0+deb9u1_amd64.deb
Checksums-Sha256:
80cc58950fc1aca09a4bd97b39474460a7be47e6e8af854db4ae4ed883e840d0 18608 libecpg-compat3_9.6.13-0+deb9u1_amd64.deb
ef5b3659358369719a1645db56bcb5e95311fad607c429a76dd0deb49ebf80a1 229754 libecpg-dev_9.6.13-0+deb9u1_amd64.deb
4e10b4dea20549000765f1187d7370405779c9280fee9e1b112494e685b15f81 85380 libecpg6_9.6.13-0+deb9u1_amd64.deb
c20bb6cec42c6f0aa2da34bd30c6121ff2411044b066660fb8fa6679329f5b28 40862 libpgtypes3_9.6.13-0+deb9u1_amd64.deb
8594897cf0b1b96020bbc91a645f43e7bb8a0c0a3fbb584059f253689b493faf 215968 libpq-dev_9.6.13-0+deb9u1_amd64.deb
f4e611a2efe0f818c344e8859c9419897a0c3d38d581d83f4af21873df0ae474 136392 libpq5_9.6.13-0+deb9u1_amd64.deb
7c9823e36a710332611ca3b7943a471d2a569353c3b015ff84297e08d22de4b3 16243418 postgresql-9.6-dbg_9.6.13-0+deb9u1_amd64.deb
1c2bcee29925bc0f05f7ea8a57036e1e28af7b2746ed763c99406ed3dff5d8ac 13130 postgresql-9.6_9.6.13-0+deb9u1_amd64.buildinfo
c3a7fcee0fd69b5b53828d28d20146a07a0abeafd89dd0f34aff71faf51d3c7b 4292586 postgresql-9.6_9.6.13-0+deb9u1_amd64.deb
4b618afc31e6b8f99fb9a6ebf55d2e6afef66d99543c01743caaeb5add5f00d1 1278032 postgresql-client-9.6_9.6.13-0+deb9u1_amd64.deb
c3cf56f8b0bdb3e2e367acc0ec9cb58bed7d640c7b6667f26b1c7e93e6e51956 500200 postgresql-contrib-9.6_9.6.13-0+deb9u1_amd64.deb
e94bcd3b59de1c5113022860fce2ba6d5e5c9cd3faf2dfc4f0d55672658b5f01 61648 postgresql-plperl-9.6_9.6.13-0+deb9u1_amd64.deb
bff39c4675ea47c2b625ae1e2aeb9c6fe1ad780a3d5685602799dd3fe6af3f7d 53064 postgresql-plpython-9.6_9.6.13-0+deb9u1_amd64.deb
21c5ee27098b521b4d4e5f5688824afc3abf96326e4dac0317f47b2bd34758c3 51608 postgresql-plpython3-9.6_9.6.13-0+deb9u1_amd64.deb
617e28c101f2d3553d54942b787548c801d0ebbeeac395c423f4b7aef4abb674 40548 postgresql-pltcl-9.6_9.6.13-0+deb9u1_amd64.deb
8ee7a5a5eaadac5b33a311d7cf3b34d2280a31089a998cf9ff7f3bc22404d531 770014 postgresql-server-dev-9.6_9.6.13-0+deb9u1_amd64.deb
Files:
787edc7572711917b46164886427fc59 18608 libs optional libecpg-compat3_9.6.13-0+deb9u1_amd64.deb
b7a5176ca45bb127212104e077cc85cb 229754 libdevel optional libecpg-dev_9.6.13-0+deb9u1_amd64.deb
298de30c93ff8c8e5b2769386f4b7df9 85380 libs optional libecpg6_9.6.13-0+deb9u1_amd64.deb
389ea25b8971b7fe516bbf5e42479b50 40862 libs optional libpgtypes3_9.6.13-0+deb9u1_amd64.deb
0de13c1f8642d3dd2efa09cefd30bf56 215968 libdevel optional libpq-dev_9.6.13-0+deb9u1_amd64.deb
42d6307d80c6fe2d06e6380dc75f6342 136392 libs optional libpq5_9.6.13-0+deb9u1_amd64.deb
dc22f16b807aca9d539ebd61cae00f89 16243418 debug extra postgresql-9.6-dbg_9.6.13-0+deb9u1_amd64.deb
d0b9dde184169c1d8c39dfa3f8475c74 13130 database optional postgresql-9.6_9.6.13-0+deb9u1_amd64.buildinfo
325773a9a2304b49aa72de56f9d3435d 4292586 database optional postgresql-9.6_9.6.13-0+deb9u1_amd64.deb
996eb10eb0005475015a315abfd211f8 1278032 database optional postgresql-client-9.6_9.6.13-0+deb9u1_amd64.deb
0a624cdf0e20fcf169e79a1580b5b9c3 500200 database optional postgresql-contrib-9.6_9.6.13-0+deb9u1_amd64.deb
9fb8312a2586cd741726cb5cbc90c111 61648 database optional postgresql-plperl-9.6_9.6.13-0+deb9u1_amd64.deb
f02fb36a00efa36709de01f9de7c72d4 53064 database optional postgresql-plpython-9.6_9.6.13-0+deb9u1_amd64.deb
a7f5b05d0147d0e82004b6579fd721d3 51608 database optional postgresql-plpython3-9.6_9.6.13-0+deb9u1_amd64.deb
7b861ccb5ef88c7d439c1da9e89da17e 40548 database optional postgresql-pltcl-9.6_9.6.13-0+deb9u1_amd64.deb
4996390794ae831c33d7d85949592965 770014 libdevel optional postgresql-server-dev-9.6_9.6.13-0+deb9u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEHH/JmdSykanqZdkX2+6UAFDBS9EFAlzRgtMACgkQ2+6UAFDB
S9H8DRAAtzla+cpQO4N8hdGaLL1wXUm35aWLnsHiN8hYu3yMksVQsJk8i5LFymoG
QuNSd6kv+F0komB4STQtydKTGoFIF4HAvbzNZ0WJTJEF1UBf8y4qSw+NJZe2HBw6
OkLRfOy2Wx9ERWc3E601uywoBdsWM8KLdnj7S2i5m7Osu+H6+GpP7RT8GD34iCcF
XtKmPsZBJ+8KKBjd5yge31l2hBhgVYgkaDQET6BehclIBiJz7la3+1i7QV2JtUP6
lkRvbTfZqwmITbSDbEcf1cC1CXxzIt9JV804yxWsUxVcQqXulnFCii1TQLCoEVES
CdRDfvXnWV2f6CQ8a/Y+irIr9b3WaYBZVRIZLW/hXSbFEPw/e5CuOe6J0Vw2z3d7
C2YghQhi+9Gvvy8tlwyYBb7ANjWSQ9WZnD+Cow63iPKnimdBSuX/rO5YiXo90vuW
FHYdMWXm+E+cZKvjHwofmBN/N0SzRICIaAbtp2Dhg/pU3zVoI03DaZdtAzVeO3ZC
M6dazCNuZ1ctzZinxR71UgbX7mcKsSnpI4X5j6IcCDbiNlP1Mv1HOSrii4lbKZAQ
uXV1ruGlMXLNaG/ZbmmFurU+uwW+LsjoUWYpdjmKAwVllJ1oThlRLUXOsGCTlz/z
2r8JPZZyoJchtRCCS4QzZfnFOKIap2gg46ByZxNHwv2XQFs9kJE=
=AjER
-----END PGP SIGNATURE-----