Format: 1.8 Date: Tue, 27 Feb 2018 12:54:34 +0100 Source: postgresql-10 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-10 postgresql-client-10 postgresql-server-dev-10 postgresql-doc-10 postgresql-plperl-10 postgresql-plpython-10 postgresql-plpython3-10 postgresql-pltcl-10 Architecture: amd64 amd64_translations all Version: 10.3-1 Distribution: bionic-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Christoph Berg Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 10 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-10 - object-relational SQL database, version 10 server postgresql-client-10 - front-end programs for PostgreSQL 10 postgresql-doc-10 - documentation for the PostgreSQL database management system postgresql-plperl-10 - PL/Perl procedural language for PostgreSQL 10 postgresql-plpython-10 - PL/Python procedural language for PostgreSQL 10 postgresql-plpython3-10 - PL/Python 3 procedural language for PostgreSQL 10 postgresql-pltcl-10 - PL/Tcl procedural language for PostgreSQL 10 postgresql-server-dev-10 - development files for PostgreSQL 10 server-side programming Changes: postgresql-10 (10.3-1) unstable; urgency=medium . * New upstream version. . If you run an installation in which not all users are mutually trusting, or if you maintain an application or extension that is intended for use in arbitrary situations, it is strongly recommended that you read the documentation changes described in the first changelog entry below, and take suitable steps to ensure that your installation or code is secure. . Also, the changes described in the second changelog entry below may cause functions used in index expressions or materialized views to fail during auto-analyze, or when reloading from a dump. After upgrading, monitor the server logs for such problems, and fix affected functions. . + Document how to configure installations and applications to guard against search-path-dependent trojan-horse attacks from other users . Using a search_path setting that includes any schemas writable by a hostile user enables that user to capture control of queries and then run arbitrary SQL code with the permissions of the attacked user. While it is possible to write queries that are proof against such hijacking, it is notationally tedious, and it's very easy to overlook holes. Therefore, we now recommend configurations in which no untrusted schemas appear in one's search path. (CVE-2018-1058) . + Avoid use of insecure search_path settings in pg_dump and other client programs . pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications were themselves vulnerable to the type of hijacking described in the previous changelog entry; since these applications are commonly run by superusers, they present particularly attractive targets. To make them secure whether or not the installation as a whole has been secured, modify them to include only the pg_catalog schema in their search_path settings. Autovacuum worker processes now do the same, as well. . In cases where user-provided functions are indirectly executed by these programs -- for example, user-provided functions in index expressions -- the tighter search_path may result in errors, which will need to be corrected by adjusting those user-provided functions to not assume anything about what search path they are invoked under. That has always been good practice, but now it will be necessary for correct behavior. (CVE-2018-1058) Checksums-Sha1: b40eb9e6ef681c5553bd5773908c7eeb28f66817 16284 libecpg-compat3-dbgsym_10.3-1_amd64.ddeb 60c8b9c87cfe6781dce720fffcb1e0f1601233ea 12068 libecpg-compat3_10.3-1_amd64.deb 36b4b99ae9282a7a75819ffe9ff189e4941dadbb 191252 libecpg-dev-dbgsym_10.3-1_amd64.ddeb 62c46ccbfe68bcedcb307b463ca856f955e9dacd 228652 libecpg-dev_10.3-1_amd64.deb 4972059eb8d5f706d771703795b04da317ac530e 90768 libecpg6-dbgsym_10.3-1_amd64.ddeb fa98a0fa5203013bc3dba595da5c04609426df28 36464 libecpg6_10.3-1_amd64.deb 730e434560dc82c865614ed752b859833992bb74 61556 libpgtypes3-dbgsym_10.3-1_amd64.ddeb 14cccddc3134dd8dcaaf59ea628754516a5d1aaa 37644 libpgtypes3_10.3-1_amd64.deb 0f40e804e916b8661eba43877c3d426792cafc38 216324 libpq-dev_10.3-1_amd64.deb a7cb3fa4e356e8c1856009752e6cb80b7ea2ae4a 242484 libpq5-dbgsym_10.3-1_amd64.ddeb 696a8e9fabd33db011a4fad9b837d0a99e73630a 105536 libpq5_10.3-1_amd64.deb 8b60159877baa3bddab9aa4f0f31d0b8bb157fcc 15016492 postgresql-10-dbgsym_10.3-1_amd64.ddeb 888af892858fc6589f4671979f29cb52ceda79c4 16252 postgresql-10_10.3-1_amd64.buildinfo df83566e4a93dce2fbaaf40c3e252dec9caa0ae1 3747644 postgresql-10_10.3-1_amd64.deb ddcf5f94f50932a85aa62911a7e6f65215d98d1a 7121393 postgresql-10_10.3-1_amd64_translations.tar.gz a2e8bf0b8d6940a55b421db22d7d1d016574d3fe 1589120 postgresql-client-10-dbgsym_10.3-1_amd64.ddeb 0dc53e20fc70bd46672860d51864e9dd531fabf7 932648 postgresql-client-10_10.3-1_amd64.deb 68d9a748a685a2214d75852b50d6dfd58c11c5aa 2135064 postgresql-doc-10_10.3-1_all.deb ceab4f8c5e5b263a51571f84e97b04c2f90e64a1 190816 postgresql-plperl-10-dbgsym_10.3-1_amd64.ddeb 07c0e29e67cb0219890213c708692de685a567fa 43216 postgresql-plperl-10_10.3-1_amd64.deb 9aecf0da31d81a47e48aff69a74f3723cf9568eb 257048 postgresql-plpython-10-dbgsym_10.3-1_amd64.ddeb 577f6e33881e60babc0ccc936c26dcc714b05ef0 51224 postgresql-plpython-10_10.3-1_amd64.deb 9cf8b6cfce11b4f70c497c53e802dabc2efda7ea 251064 postgresql-plpython3-10-dbgsym_10.3-1_amd64.ddeb 64cc2370ab1b55b24f23acd9e6cb3af4167fd742 49668 postgresql-plpython3-10_10.3-1_amd64.deb f4479afbadc5fad633d05d9344439b6f540d89e5 88904 postgresql-pltcl-10-dbgsym_10.3-1_amd64.ddeb 653c86680a531c653fcf33e96a9b9c277e205cc0 28088 postgresql-pltcl-10_10.3-1_amd64.deb ca352bbad20561902ef8f34b7c4cd87a5ca45a51 87648 postgresql-server-dev-10-dbgsym_10.3-1_amd64.ddeb 2af3f8ae04c13d5efb0ba14ec4d8b5ea94243ae4 831176 postgresql-server-dev-10_10.3-1_amd64.deb Checksums-Sha256: 954cdaede56be65d34830ce75561cdc8b1cec94473c96ae8fb8464a6237642f2 16284 libecpg-compat3-dbgsym_10.3-1_amd64.ddeb 024faade683912de43d6609b1e1c3c63dfc1f8b9ed0e69744391e22e382de1dd 12068 libecpg-compat3_10.3-1_amd64.deb 3e4e7d048c1c00c447f4b3eb8a8a87f367f35f7a81623b6066209f73ce480d2b 191252 libecpg-dev-dbgsym_10.3-1_amd64.ddeb e33f3facbf7a6266f63e304c7d2dfee58e0334f73b6bbdb76e39e27b3015dbda 228652 libecpg-dev_10.3-1_amd64.deb 8f4a2cb52dd729fc9c276b88e1c77e512f08527e3cd79447aac984fb12340532 90768 libecpg6-dbgsym_10.3-1_amd64.ddeb cb363a61e49cad66b0b1cc4d14a2c0d492105dc20f435cde7e526bf725f7c315 36464 libecpg6_10.3-1_amd64.deb dddd89a191432bf6425fcae87a135387c1a22b431d00ef5349ec6f0dd6774828 61556 libpgtypes3-dbgsym_10.3-1_amd64.ddeb 888bee5c1bb43e4aae18c4276f72441b46f561686cf8eb291fefa023d35703e1 37644 libpgtypes3_10.3-1_amd64.deb 8cadcecc872707ae8bf97c9d0532925ede1de8d00f453a1265b4ee1fa323ad28 216324 libpq-dev_10.3-1_amd64.deb c92005d326781feefd5cea009c77801a0adcbff0e48ee515707fbc5a00981d8c 242484 libpq5-dbgsym_10.3-1_amd64.ddeb 1ac9afbaddd24b9073473a7198dd04c20f0f074ebd379ac7dbf7b57eefa00d28 105536 libpq5_10.3-1_amd64.deb 93cf057bacd957f2e6dbe71c667be3031a206b813f92f61e50ef15b3dcfc9d04 15016492 postgresql-10-dbgsym_10.3-1_amd64.ddeb 5963144768b6a3684d164dde1743f9514f3403d7b4cbc00f6f06a28cccdc1696 16252 postgresql-10_10.3-1_amd64.buildinfo 9469f634f79ec66311684623204a3cfc63e1d56ca33d7a7a45a271cc46fe0467 3747644 postgresql-10_10.3-1_amd64.deb 9f6cf44a94209bd260f68abba14833bdb73f3cc9980844d3f0c7bd8dbcfe682f 7121393 postgresql-10_10.3-1_amd64_translations.tar.gz 1d2c2ebc28de6af8f847413e51f42d479015ad004dd36e58a8154941b71aaf53 1589120 postgresql-client-10-dbgsym_10.3-1_amd64.ddeb 98f471676aeac6d0c78ee75ee2dc4f117bb4de72e467f178497500840152567c 932648 postgresql-client-10_10.3-1_amd64.deb 7acbdb1ee4e6126db1e0b477f4614df2f49c87075f97ee2831e57faca6ec60bb 2135064 postgresql-doc-10_10.3-1_all.deb 6420639cd7ccdde5f05c18630d2a919516ae54474582f2ed8dba7d013696efa1 190816 postgresql-plperl-10-dbgsym_10.3-1_amd64.ddeb f3fe7951b0c6982d22113cf6eaef501644a5eee1bdfcd7c1e0513df69ebffac6 43216 postgresql-plperl-10_10.3-1_amd64.deb e5f1d5d3e557618811f973c2cb48ffd5eaaa9df1a86d218a20067b800ec79efd 257048 postgresql-plpython-10-dbgsym_10.3-1_amd64.ddeb 4aa0157e246793c3cb791494cbdb838b04a8f26c3272fb6b1dfb12a741ff4d5c 51224 postgresql-plpython-10_10.3-1_amd64.deb 8e4b3d39fad6d3dc8c0db46334023de14348419aee0961f280de231603075379 251064 postgresql-plpython3-10-dbgsym_10.3-1_amd64.ddeb 6d515ca4106ca322d4706d49039c312a1dbee1626d53cc5d98ced560e2e1ff70 49668 postgresql-plpython3-10_10.3-1_amd64.deb 86d5baddb288d41c8a660c06e82a1ae13dfca8fa7df8b891bfbe5e21d9b47ce2 88904 postgresql-pltcl-10-dbgsym_10.3-1_amd64.ddeb cfed78f75bd3f33c83b9e9532f9c6b4c95ca07252d48cb19f8bbbe539b91b103 28088 postgresql-pltcl-10_10.3-1_amd64.deb a6df3cc815036116c8aa585e3d765a81b9cc9dc8d99179f74b8faeb84e51edce 87648 postgresql-server-dev-10-dbgsym_10.3-1_amd64.ddeb d57fd5153bec5d8cfe3dd24101c1da6021fbb00dcf1d91faa7956a51d11d1a93 831176 postgresql-server-dev-10_10.3-1_amd64.deb Files: 0d69cb42ccd9318a552e0da31379b837 16284 debug optional libecpg-compat3-dbgsym_10.3-1_amd64.ddeb d41507b4e2b2f19a56175404064aeea7 12068 libs optional libecpg-compat3_10.3-1_amd64.deb e21ce8111f47b39023940a4443e94a42 191252 debug optional libecpg-dev-dbgsym_10.3-1_amd64.ddeb ee8212e28c5a7cae90a8b77c797c10f1 228652 libdevel optional libecpg-dev_10.3-1_amd64.deb 47d5fff8d51c161e25aacb4ec1a735ca 90768 debug optional libecpg6-dbgsym_10.3-1_amd64.ddeb f5c918e9e22ddf7f8a47fe74ad866b6b 36464 libs optional libecpg6_10.3-1_amd64.deb ca01308d045a1e0f32b29a1ae789dfd8 61556 debug optional libpgtypes3-dbgsym_10.3-1_amd64.ddeb 31132ceb1d96c85193ead60322de69a0 37644 libs optional libpgtypes3_10.3-1_amd64.deb 860bcf01e1a5d80fc0dafc65d3142e82 216324 libdevel optional libpq-dev_10.3-1_amd64.deb 83539cf2be124e37da65d25563e3327b 242484 debug optional libpq5-dbgsym_10.3-1_amd64.ddeb faef320bdf9057c62552755aef1c14ab 105536 libs optional libpq5_10.3-1_amd64.deb 64227f98b964f910efb161f7a614c8bd 15016492 debug optional postgresql-10-dbgsym_10.3-1_amd64.ddeb 827c05fb906dab302ae68bba3c5c7233 16252 database optional postgresql-10_10.3-1_amd64.buildinfo 532c62602c17b7a7670442b0d781bd37 3747644 database optional postgresql-10_10.3-1_amd64.deb 5786e4a1d24fdf7091b0e739330b5ac7 7121393 raw-translations - postgresql-10_10.3-1_amd64_translations.tar.gz 80a58b0e89beef9c6777401342921a75 1589120 debug optional postgresql-client-10-dbgsym_10.3-1_amd64.ddeb f8bb12b4aac8c80ee5e502c552f6d74e 932648 database optional postgresql-client-10_10.3-1_amd64.deb 7212bdf69b4ecb34bd204043a2355609 2135064 doc optional postgresql-doc-10_10.3-1_all.deb c5b75e496239797aab162986b0a8c66f 190816 debug optional postgresql-plperl-10-dbgsym_10.3-1_amd64.ddeb c530a66837cbe6e321225ebdc9beb4d3 43216 database optional postgresql-plperl-10_10.3-1_amd64.deb 30140ff9fa9ecfa3b410efd91ecc9654 257048 debug optional postgresql-plpython-10-dbgsym_10.3-1_amd64.ddeb f70c6186fadf0644793468b99d6b465b 51224 database optional postgresql-plpython-10_10.3-1_amd64.deb 405d11f51fee1902f61d91025c09f6e6 251064 debug optional postgresql-plpython3-10-dbgsym_10.3-1_amd64.ddeb 4ad3e726ebca1e7415781d158d25a49f 49668 database optional postgresql-plpython3-10_10.3-1_amd64.deb 982f97963147debc97511bfa0112a1dc 88904 debug optional postgresql-pltcl-10-dbgsym_10.3-1_amd64.ddeb a9aa62ceb85f3f9ae72818f66c5e6614 28088 database optional postgresql-pltcl-10_10.3-1_amd64.deb b32b03436059b1cc2f5f15aae47fd9a3 87648 debug optional postgresql-server-dev-10-dbgsym_10.3-1_amd64.ddeb 98918943d729894ec371bba0840d943e 831176 libdevel optional postgresql-server-dev-10_10.3-1_amd64.deb