Format: 1.8
Date: Tue, 10 Nov 2020 13:45:55 +0100
Source: postgresql-13
Binary: libecpg-compat3 libecpg-dev libecpg6 libpgtypes3 libpq-dev libpq5 postgresql-13 postgresql-client-13 postgresql-doc-13 postgresql-plperl-13 postgresql-plpython3-13 postgresql-pltcl-13 postgresql-server-dev-13
Architecture: amd64 all
Version: 13.1-1
Distribution: hirsute-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-054.buildd>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 13
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-13 - object-relational SQL database, version 13 server
 postgresql-client-13 - front-end programs for PostgreSQL 13
 postgresql-doc-13 - documentation for the PostgreSQL database management system
 postgresql-plperl-13 - PL/Perl procedural language for PostgreSQL 13
 postgresql-plpython3-13 - PL/Python 3 procedural language for PostgreSQL 13
 postgresql-pltcl-13 - PL/Tcl procedural language for PostgreSQL 13
 postgresql-server-dev-13 - development files for PostgreSQL 13 server-side programming
Closes: 974063
Changes:
 postgresql-13 (13.1-1) unstable; urgency=medium
 .
   * New upstream version.
     + Fixes timetz regression test failures. (Closes: #974063)
 .
     + Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers
       within index expressions and materialized view queries (Noah Misch)
 .
       This is essentially a leak in the security restricted operation sandbox
       mechanism.  An attacker having permission to create non-temporary SQL
       objects could parlay this leak to execute arbitrary SQL code as a
       superuser.
 .
       The PostgreSQL Project thanks Etienne Stalmans for reporting this
       problem. (CVE-2020-25695)
 .
     + Fix usage of complex connection-string parameters in pg_dump,
       pg_restore, clusterdb, reindexdb, and vacuumdb (Tom Lane)
 .
       The -d parameter of pg_dump and pg_restore, or the --maintenance-db
       parameter of the other programs mentioned, can be a connection string
       containing multiple connection parameters rather than just a database
       name.  In cases where these programs need to initiate additional
       connections, such as parallel processing or processing of multiple
       databases, the connection string was forgotten and just the basic
       connection parameters (database name, host, port, and username) were
       used for the additional connections.  This could lead to connection
       failures if the connection string included any other essential
       information, such as non-default SSL or GSS parameters. Worse, the
       connection might succeed but not be encrypted as intended, or be
       vulnerable to man-in-the-middle attacks that the intended connection
       parameters would have prevented. (CVE-2020-25694)
 .
     + When psql's \connect command re-uses connection parameters, ensure that
       all non-overridden parameters from a previous connection string are
       re-used (Tom Lane)
 .
       This avoids cases where reconnection might fail due to omission of
       relevant parameters, such as non-default SSL or GSS options. Worse, the
       reconnection might succeed but not be encrypted as intended, or be
       vulnerable to man-in-the-middle attacks that the intended connection
       parameters would have prevented. This is largely the same problem as
       just cited for pg_dump et al, although psql's behavior is more complex
       since the user may intentionally override some connection parameters.
       (CVE-2020-25694)
 .
     + Prevent psql's \gset command from modifying specially-treated variables
       (Noah Misch)
 .
       \gset without a prefix would overwrite whatever variables the server
       told it to.  Thus, a compromised server could set specially-treated
       variables such as PROMPT1, giving the ability to execute arbitrary shell
       code in the user's session.
 .
       The PostgreSQL Project thanks Nick Cleaton for reporting this problem.
       (CVE-2020-25696)
 .
   * Show only log files on failure.
Checksums-Sha1:
 c6212ba3d4b3aad8b81f04938978decbd6cd5755 38216 libecpg-compat3-dbgsym_13.1-1_amd64.ddeb
 beb42f00a7d545a9db2589187bf4858f812e23e7 18540 libecpg-compat3_13.1-1_amd64.deb
 07118ad953075c470ef66cdb5fc809d7d5664590 237604 libecpg-dev-dbgsym_13.1-1_amd64.ddeb
 25a85756710fed6fde72f8beda72a7f6c694a36b 277856 libecpg-dev_13.1-1_amd64.deb
 2e7a1a5326a6ead071fbb6f31f334dfb97620179 111064 libecpg6-dbgsym_13.1-1_amd64.ddeb
 251d2608cd8e415afef242a449b2eefd338d1315 54520 libecpg6_13.1-1_amd64.deb
 ef766da766a52ad31fa6c23ee45f6cd6b14b676a 89236 libpgtypes3-dbgsym_13.1-1_amd64.ddeb
 fa8cd88ec469a8fe55c6e7794be7f371c2b03b95 43172 libpgtypes3_13.1-1_amd64.deb
 b38d5f3b496c437002664e6cc94042b6f6475d80 131876 libpq-dev_13.1-1_amd64.deb
 eca2708810135dcab6369c4672afe6086ce95455 252732 libpq5-dbgsym_13.1-1_amd64.ddeb
 b74ad777c8f3c49a2ead688e98c47176277dd674 174016 libpq5_13.1-1_amd64.deb
 f5c8bdc5a0fc16f8fada3efc4b33f59b0c39f36a 14849592 postgresql-13-dbgsym_13.1-1_amd64.ddeb
 e127b2754f59056079aa365cb0f4751f783147c5 15452 postgresql-13_13.1-1_amd64.buildinfo
 b7f644b875efdc7e0206f286cb21be53a6d133ef 15142624 postgresql-13_13.1-1_amd64.deb
 9ce4b39caa7a39530b8db07621cca9f1d287ef6f 1842312 postgresql-client-13-dbgsym_13.1-1_amd64.ddeb
 fc4fbf5c1ab85600a1c24de10ad1f8d852c2e2df 1495260 postgresql-client-13_13.1-1_amd64.deb
 cb6e0e07ff0d24f9b1dc524624f87ed9c0c38a60 1893696 postgresql-doc-13_13.1-1_all.deb
 9b3536e75225a0bacc41b6dde05ade05d45901d2 156812 postgresql-plperl-13-dbgsym_13.1-1_amd64.ddeb
 fd65b2a5d80a07ae84b4c4cb6d9fec672c4e4ed5 83184 postgresql-plperl-13_13.1-1_amd64.deb
 cbaf180d90d35089ed5652cdd6fdecbf3bba0d9b 160152 postgresql-plpython3-13-dbgsym_13.1-1_amd64.ddeb
 c85314fe972225674830f4deb8c83c3b0a5b3683 102836 postgresql-plpython3-13_13.1-1_amd64.deb
 56a1ed282dfaf8ed1c517caa337904eaf3aa81e2 74548 postgresql-pltcl-13-dbgsym_13.1-1_amd64.ddeb
 ff9f1068c58d4423d53ea627786dfbb4be163d49 36876 postgresql-pltcl-13_13.1-1_amd64.deb
 f8df695f67cc32441e6695135c52797ad1579c88 966284 postgresql-server-dev-13_13.1-1_amd64.deb
Checksums-Sha256:
 0bda3e441e9310c60da5525b471ccf261ecb08e331efd685f78802e6d7b70424 38216 libecpg-compat3-dbgsym_13.1-1_amd64.ddeb
 b2691d8a4195eb5b7bc80ff3e1ebef4bb390bad90927f191520e2bee73c78ba6 18540 libecpg-compat3_13.1-1_amd64.deb
 81469a2c2dd02e42a42d8d79e5594e85a18f68ab17d438dddc86367efd205aa4 237604 libecpg-dev-dbgsym_13.1-1_amd64.ddeb
 436d19b11931d3b70b71de853cbf9810732ec8bc206553743c8b62a2cd657d01 277856 libecpg-dev_13.1-1_amd64.deb
 23f0db40e6e467ec81e802916d90f4fbf1b7132a2c5e6a9a334b96deab7b3b9b 111064 libecpg6-dbgsym_13.1-1_amd64.ddeb
 34d3245abd69687ea2bafce4dd26321f0d8c04b9a2cf9d74d9ae60056175942e 54520 libecpg6_13.1-1_amd64.deb
 585091a1030e8a5599843c31ad307d3d2b3e456f65014c681bf97d2b5f43e3be 89236 libpgtypes3-dbgsym_13.1-1_amd64.ddeb
 1ef782828377031219207e8722881ab0405e59ce2f269b4023435797c716c981 43172 libpgtypes3_13.1-1_amd64.deb
 7f59726172f3fa9e3ea596ec94d6fcf492aef6ba9fc52670f07f978a583da6f4 131876 libpq-dev_13.1-1_amd64.deb
 09087f36c48387d10e421310f55612720b365c7136d00058c568f9b101c79f12 252732 libpq5-dbgsym_13.1-1_amd64.ddeb
 1e294a16f6987731db9e3fd650d0ba6e741cd3ef53a4e7c18384ca69fc9b1595 174016 libpq5_13.1-1_amd64.deb
 204e6443090deaa073dadfbd74d889ee29c74d632c9f5106894164d65827c422 14849592 postgresql-13-dbgsym_13.1-1_amd64.ddeb
 c1feb1e27c5fe9adc110e1178d30ef8b4beb44c90e7cd8f044b698d6b4fcc038 15452 postgresql-13_13.1-1_amd64.buildinfo
 accc13cf990176beaae07f0ea63b6d3d3c01e496c48473be914a6b4463932f82 15142624 postgresql-13_13.1-1_amd64.deb
 930ae9c97734ce77aa8c2cfe928a7ca4eca7aee019ab9b9d41ef788d63bb675f 1842312 postgresql-client-13-dbgsym_13.1-1_amd64.ddeb
 fc4df5b040cfc420276156a175048e770e1525a8a19149bcb54ecd4ce21b007e 1495260 postgresql-client-13_13.1-1_amd64.deb
 55aee72bd2dd7a1bde663a103ef7cd8cb80faa96b0937ab20ac30a2cb01286a4 1893696 postgresql-doc-13_13.1-1_all.deb
 5398c94f3221d5b54d92aec441e11b14cf7bc07ba26d5997794945e226c49c07 156812 postgresql-plperl-13-dbgsym_13.1-1_amd64.ddeb
 2e87f595f6babba9080a74c6c85b2bf4fa7ede5ffdf62752f12ae2676f4d73ca 83184 postgresql-plperl-13_13.1-1_amd64.deb
 a2164ac8652503ad86c767e46c5b3f4bdf991fd3c841ccf9ff00dfd2283cad44 160152 postgresql-plpython3-13-dbgsym_13.1-1_amd64.ddeb
 e7b6d20c8c94c9783f1c85a4c8863456da32abdc224602ac13c8a200decc2375 102836 postgresql-plpython3-13_13.1-1_amd64.deb
 2e4e9364252f0b1627398fdbfd868c7313121bf0257f99f6debb62a7ae3b9981 74548 postgresql-pltcl-13-dbgsym_13.1-1_amd64.ddeb
 14fda404d701b5f1489626d2960383971397a28d6d8966c1bf1af5698e44d473 36876 postgresql-pltcl-13_13.1-1_amd64.deb
 d9f7c9765764a9cc540f700b6ba6c202787441dac1be553d66f31304f59154b1 966284 postgresql-server-dev-13_13.1-1_amd64.deb
Files:
 d92fdbc6e63aed7265b5b44e19f429ed 38216 debug optional libecpg-compat3-dbgsym_13.1-1_amd64.ddeb
 ebcc46e96995e099cfcd5091f251cad8 18540 libs optional libecpg-compat3_13.1-1_amd64.deb
 d58cd9193c6cb0da48b0f8beda7e3c37 237604 debug optional libecpg-dev-dbgsym_13.1-1_amd64.ddeb
 eb13e2bf73ab3ee6bd2d4be6cb496ed1 277856 libdevel optional libecpg-dev_13.1-1_amd64.deb
 0ae17e6ecd202315b051822af4b1a35a 111064 debug optional libecpg6-dbgsym_13.1-1_amd64.ddeb
 9080d150e77eb8c4a2f09c552cea527c 54520 libs optional libecpg6_13.1-1_amd64.deb
 10276efb61e9d541abd35abe6ea9ddb8 89236 debug optional libpgtypes3-dbgsym_13.1-1_amd64.ddeb
 1f81c642c6aaa40bb5a59976704bea66 43172 libs optional libpgtypes3_13.1-1_amd64.deb
 37fab8bdff9898eca178b1145ea574b6 131876 libdevel optional libpq-dev_13.1-1_amd64.deb
 06fca77b5af2021c189ba6e8d1c07392 252732 debug optional libpq5-dbgsym_13.1-1_amd64.ddeb
 974e6085638c65027b82e8dcf19ffc5f 174016 libs optional libpq5_13.1-1_amd64.deb
 6eb228c6708823c85def51f44444d80b 14849592 debug optional postgresql-13-dbgsym_13.1-1_amd64.ddeb
 3d54d0406b7ff6fbb4e8c276bcb3692a 15452 database optional postgresql-13_13.1-1_amd64.buildinfo
 497c8adbe6b6a69cb4c7d7b1445eebc4 15142624 database optional postgresql-13_13.1-1_amd64.deb
 98e2d42a131727b2150eb858b332977c 1842312 debug optional postgresql-client-13-dbgsym_13.1-1_amd64.ddeb
 238388b89ad4deade0f0abdb34319ae4 1495260 database optional postgresql-client-13_13.1-1_amd64.deb
 e9766755362fa433ba7ef4ddb0bdfbc6 1893696 doc optional postgresql-doc-13_13.1-1_all.deb
 480123a392044df657bb96af8fae4d74 156812 debug optional postgresql-plperl-13-dbgsym_13.1-1_amd64.ddeb
 200d396ae99e39251556cbf7176658a4 83184 database optional postgresql-plperl-13_13.1-1_amd64.deb
 df29253004ac61ce72ce687589995b93 160152 debug optional postgresql-plpython3-13-dbgsym_13.1-1_amd64.ddeb
 a27ce4352c3fb8bcc8eb8bf43e88963a 102836 database optional postgresql-plpython3-13_13.1-1_amd64.deb
 8a29dfdd5124e687c7cc11776c151644 74548 debug optional postgresql-pltcl-13-dbgsym_13.1-1_amd64.ddeb
 e0cc8a18b7de21d73e4692c2fc8ae05d 36876 database optional postgresql-pltcl-13_13.1-1_amd64.deb
 ecf8862033d268484a17ce9ff3a12b72 966284 libdevel optional postgresql-server-dev-13_13.1-1_amd64.deb