postgresql-11 11.3-1 source package in Ubuntu
Changelog
postgresql-11 (11.3-1) unstable; urgency=medium
* New upstream version.
+ Prevent row-level security policies from being bypassed via selectivity
estimators (Dean Rasheed)
Some of the planner's selectivity estimators apply user-defined
operators to values found in pg_statistic (e.g., most-common values).
A leaky operator therefore can disclose some of the entries in a data
column, even if the calling user lacks permission to read that column.
In CVE-2017-7484 we added restrictions to forestall that, but we failed
to consider the effects of row-level security. A user who has SQL
permission to read a column, but who is forbidden to see certain rows
due to RLS policy, might still learn something about those rows'
contents via a leaky operator. This patch further tightens the rules,
allowing leaky operators to be applied to statistics data only when
there is no relevant RLS policy. (CVE-2019-10130)
+ Avoid access to already-freed memory during partition routing error
reports (Michael Paquier)
This mistake could lead to a crash, and in principle it might be
possible to use it to disclose server memory contents. (CVE-2019-10129)
-- Christoph Berg <email address hidden> Tue, 07 May 2019 12:04:34 +0200
Upload details
- Uploaded by:
- Debian PostgreSQL Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian PostgreSQL Maintainers
- Architectures:
- any all
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| postgresql-11_11.3-1.dsc | 3.6 KiB | c3b077eff6d49532bfc0294d323b3618566fa7aaf718cbda5cdd64611de04d48 |
| postgresql-11_11.3.orig.tar.bz2 | 18.8 MiB | 2a85e082fc225944821dfd23990e32dfcd2284c19060864b0ad4ca537d30522d |
| postgresql-11_11.3-1.debian.tar.xz | 23.4 KiB | db88c01d8ed7718f659b7a3483dd1987268161a2c4773658c99afd8f39cc98af |
Available diffs
- diff from 11.2-2 to 11.3-1 (2.1 MiB)
No changes file available.
Binary packages built by this source
- libecpg-compat3: No summary available for libecpg-compat3 in ubuntu eoan.
No description available for libecpg-compat3 in ubuntu eoan.
- libecpg-compat3-dbgsym: No summary available for libecpg-compat3-dbgsym in ubuntu eoan.
No description available for libecpg-
compat3- dbgsym in ubuntu eoan.
- libecpg-dev: No summary available for libecpg-dev in ubuntu eoan.
No description available for libecpg-dev in ubuntu eoan.
- libecpg-dev-dbgsym: No summary available for libecpg-dev-dbgsym in ubuntu eoan.
No description available for libecpg-dev-dbgsym in ubuntu eoan.
- libecpg6: No summary available for libecpg6 in ubuntu eoan.
No description available for libecpg6 in ubuntu eoan.
- libecpg6-dbgsym: No summary available for libecpg6-dbgsym in ubuntu eoan.
No description available for libecpg6-dbgsym in ubuntu eoan.
- libpgtypes3: No summary available for libpgtypes3 in ubuntu eoan.
No description available for libpgtypes3 in ubuntu eoan.
- libpgtypes3-dbgsym: No summary available for libpgtypes3-dbgsym in ubuntu eoan.
No description available for libpgtypes3-dbgsym in ubuntu eoan.
- libpq-dev: No summary available for libpq-dev in ubuntu eoan.
No description available for libpq-dev in ubuntu eoan.
- libpq5: No summary available for libpq5 in ubuntu eoan.
No description available for libpq5 in ubuntu eoan.
- libpq5-dbgsym: No summary available for libpq5-dbgsym in ubuntu eoan.
No description available for libpq5-dbgsym in ubuntu eoan.
- postgresql-11: No summary available for postgresql-11 in ubuntu eoan.
No description available for postgresql-11 in ubuntu eoan.
- postgresql-11-dbgsym: No summary available for postgresql-11-dbgsym in ubuntu eoan.
No description available for postgresql-
11-dbgsym in ubuntu eoan.
- postgresql-client-11: No summary available for postgresql-client-11 in ubuntu eoan.
No description available for postgresql-
client- 11 in ubuntu eoan.
- postgresql-client-11-dbgsym: No summary available for postgresql-client-11-dbgsym in ubuntu eoan.
No description available for postgresql-
client- 11-dbgsym in ubuntu eoan.
- postgresql-doc-11: No summary available for postgresql-doc-11 in ubuntu eoan.
No description available for postgresql-doc-11 in ubuntu eoan.
- postgresql-plperl-11: No summary available for postgresql-plperl-11 in ubuntu eoan.
No description available for postgresql-
plperl- 11 in ubuntu eoan.
- postgresql-plperl-11-dbgsym: No summary available for postgresql-plperl-11-dbgsym in ubuntu eoan.
No description available for postgresql-
plperl- 11-dbgsym in ubuntu eoan.
- postgresql-plpython-11: No summary available for postgresql-plpython-11 in ubuntu eoan.
No description available for postgresql-
plpython- 11 in ubuntu eoan.
- postgresql-plpython-11-dbgsym: No summary available for postgresql-plpython-11-dbgsym in ubuntu eoan.
No description available for postgresql-
plpython- 11-dbgsym in ubuntu eoan.
- postgresql-plpython3-11: No summary available for postgresql-plpython3-11 in ubuntu eoan.
No description available for postgresql-
plpython3- 11 in ubuntu eoan.
- postgresql-plpython3-11-dbgsym: No summary available for postgresql-plpython3-11-dbgsym in ubuntu eoan.
No description available for postgresql-
plpython3- 11-dbgsym in ubuntu eoan.
- postgresql-pltcl-11: No summary available for postgresql-pltcl-11 in ubuntu eoan.
No description available for postgresql-pltcl-11 in ubuntu eoan.
- postgresql-pltcl-11-dbgsym: No summary available for postgresql-pltcl-11-dbgsym in ubuntu eoan.
No description available for postgresql-
pltcl-11- dbgsym in ubuntu eoan.
- postgresql-server-dev-11: No summary available for postgresql-server-dev-11 in ubuntu eoan.
No description available for postgresql-
server- dev-11 in ubuntu eoan.
- postgresql-server-dev-11-dbgsym: No summary available for postgresql-server-dev-11-dbgsym in ubuntu eoan.
No description available for postgresql-
server- dev-11- dbgsym in ubuntu eoan.
