Format: 1.8 Date: Thu, 12 Nov 2020 12:13:22 +0100 Source: postgresql-10 Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-10 postgresql-client-10 postgresql-server-dev-10 postgresql-doc-10 postgresql-plperl-10 postgresql-plpython-10 postgresql-plpython3-10 postgresql-pltcl-10 Architecture: s390x s390x_translations Version: 10.15-0ubuntu0.18.04.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Christian Ehrhardt Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 10 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-10 - object-relational SQL database, version 10 server postgresql-client-10 - front-end programs for PostgreSQL 10 postgresql-doc-10 - documentation for the PostgreSQL database management system postgresql-plperl-10 - PL/Perl procedural language for PostgreSQL 10 postgresql-plpython-10 - PL/Python procedural language for PostgreSQL 10 postgresql-plpython3-10 - PL/Python 3 procedural language for PostgreSQL 10 postgresql-pltcl-10 - PL/Tcl procedural language for PostgreSQL 10 postgresql-server-dev-10 - development files for PostgreSQL 10 server-side programming Changes: postgresql-10 (10.15-0ubuntu0.18.04.1) bionic-security; urgency=medium . * New upstream version. + Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries (Noah Misch) . This is essentially a leak in the security restricted operation sandbox mechanism. An attacker having permission to create non-temporary SQL objects could parlay this leak to execute arbitrary SQL code as a superuser. . The PostgreSQL Project thanks Etienne Stalmans for reporting this problem. (CVE-2020-25695) . + Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb (Tom Lane) . The -d parameter of pg_dump and pg_restore, or the --maintenance-db parameter of the other programs mentioned, can be a connection string containing multiple connection parameters rather than just a database name. In cases where these programs need to initiate additional connections, such as parallel processing or processing of multiple databases, the connection string was forgotten and just the basic connection parameters (database name, host, port, and username) were used for the additional connections. This could lead to connection failures if the connection string included any other essential information, such as non-default SSL or GSS parameters. Worse, the connection might succeed but not be encrypted as intended, or be vulnerable to man-in-the-middle attacks that the intended connection parameters would have prevented. (CVE-2020-25694) . + When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used (Tom Lane) . This avoids cases where reconnection might fail due to omission of relevant parameters, such as non-default SSL or GSS options. Worse, the reconnection might succeed but not be encrypted as intended, or be vulnerable to man-in-the-middle attacks that the intended connection parameters would have prevented. This is largely the same problem as just cited for pg_dump et al, although psql's behavior is more complex since the user may intentionally override some connection parameters. (CVE-2020-25694) . + Prevent psql's \gset command from modifying specially-treated variables (Noah Misch) . \gset without a prefix would overwrite whatever variables the server told it to. Thus, a compromised server could set specially-treated variables such as PROMPT1, giving the ability to execute arbitrary shell code in the user's session. . The PostgreSQL Project thanks Nick Cleaton for reporting this problem. (CVE-2020-25696) . + Details about these and many further changes can be found at: https://www.postgresql.org/docs/10/static/release-10-15.html Checksums-Sha1: 5ae3d15dd5c99790c60363e09ca35d71c9d57ac9 16368 libecpg-compat3-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb fde477560dd99345606fca998d320f93af6a09ae 11716 libecpg-compat3_10.15-0ubuntu0.18.04.1_s390x.deb 4394342a3fbd588ab594f3f4ed6d02a8c1d7ab60 207000 libecpg-dev-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 4a9105d7aa7aec67ae069db13e631130363512fe 216072 libecpg-dev_10.15-0ubuntu0.18.04.1_s390x.deb 2ba7b5af517edd365d11d36be65742f0e3bc70f7 94288 libecpg6-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb acf484e9a59fc5cc9364852fb5229da53d700d69 34272 libecpg6_10.15-0ubuntu0.18.04.1_s390x.deb ca6dc9249d413a995a0873e9694e2bc5d5600ea8 64128 libpgtypes3-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb cf75c117e2a65eb1066353213031bf702d80a5e8 38432 libpgtypes3_10.15-0ubuntu0.18.04.1_s390x.deb 9363cea2dd09e8e8ccf4fe2664fd935dc4f1ef7c 209892 libpq-dev_10.15-0ubuntu0.18.04.1_s390x.deb 2d7015a09b9f1d20822a21554ef74dbfa313941d 253356 libpq5-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 708c0753df54b6b7005a937c5bf15a0c002d4ce9 100276 libpq5_10.15-0ubuntu0.18.04.1_s390x.deb 31feb3a4e25c7264a9b6e15ccb81c09f11adb764 15659400 postgresql-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 0a92dc9d2d3bcba278cc72f021eb5aad62296abc 17964 postgresql-10_10.15-0ubuntu0.18.04.1_s390x.buildinfo 66ed173c5df218f889c944cc6e5e3305b73ff853 3464176 postgresql-10_10.15-0ubuntu0.18.04.1_s390x.deb 607f1b1674ea446c56961e7eddc6b4e553e2f661 7870366 postgresql-10_10.15-0ubuntu0.18.04.1_s390x_translations.tar.gz a243cffdbafd21782439c1f5bf573475daa5176d 1661008 postgresql-client-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 51cab9b8e09e7a14479efbde3d84da8f260d002c 903380 postgresql-client-10_10.15-0ubuntu0.18.04.1_s390x.deb 2aefadd5f68e48287796cba48b980c89ef22bae1 194312 postgresql-plperl-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb b10dfacf9f2055f03d3a1e4180153ee0404c1a7a 42404 postgresql-plperl-10_10.15-0ubuntu0.18.04.1_s390x.deb e0a1b6b807e361a5a39bc6532bd0e5fdc25b86f3 263360 postgresql-plpython-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb ab8641ed2733c0c20c1d8b2bc21014b012e20522 49160 postgresql-plpython-10_10.15-0ubuntu0.18.04.1_s390x.deb c63dc8c44a468738bb42ae88705e7b63c6f7aabc 256024 postgresql-plpython3-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 001a1d455b520bc85801fb2316850c5285c63b44 47680 postgresql-plpython3-10_10.15-0ubuntu0.18.04.1_s390x.deb df078e0f3db9109f52fd3eb6c013445e1e7dd138 88384 postgresql-pltcl-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 83af4b1d7e3743bb8327aa7df0fc25cc26ca0580 28336 postgresql-pltcl-10_10.15-0ubuntu0.18.04.1_s390x.deb 3a7a544f985b52ef8fc05824a78ee5330d1c98f5 91192 postgresql-server-dev-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb c250486d01ca2843ec335d51a417bc138e39957f 836948 postgresql-server-dev-10_10.15-0ubuntu0.18.04.1_s390x.deb Checksums-Sha256: 6f4836324fdbfbe5fa5b25b0a45182d1dfa10fe0f733978d8e5c0a9d1e0c16ca 16368 libecpg-compat3-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 7184a2141f64841b4c709634cff2100c63af0e3d2280c02612ae223bf9cf7a76 11716 libecpg-compat3_10.15-0ubuntu0.18.04.1_s390x.deb 94fc0e58ae8bf2a8454584d24d808e1455fe56dd816caa3a5a595f2740e1a0a9 207000 libecpg-dev-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb e30f51fae08012342f8e6c4c27ca5d6a187ff12dd451e9492a872eb500705a86 216072 libecpg-dev_10.15-0ubuntu0.18.04.1_s390x.deb 63ebd7d98c2f5a904e91860003489a5d483ab34f9e03821ca24c3a63a46ed7b3 94288 libecpg6-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 891aa3c875dcbc1cb87d0052bbf9dfc19ce6db78f0e1eafc4d7f4229f296d86e 34272 libecpg6_10.15-0ubuntu0.18.04.1_s390x.deb 42e56eea47dad8b5ee3707d03d2023bfb701a116474304d58dc6177c363d21f9 64128 libpgtypes3-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 41a57e62129166708b6c5b4275e08a07953ae8d560bcceddd405b74f9b52659a 38432 libpgtypes3_10.15-0ubuntu0.18.04.1_s390x.deb 37c1a4df9897ee4e2dad7d91487586655e48cf5bb872f5b9e07b08b093ba39f8 209892 libpq-dev_10.15-0ubuntu0.18.04.1_s390x.deb b5ea3ba83d9c856f7bb2b9776df9ca175c67c61160937e76639e57755d6a9466 253356 libpq5-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 035af831a73541c3b729bab202be13ad12ecfef5751f376723ceb5a8b4a4cee5 100276 libpq5_10.15-0ubuntu0.18.04.1_s390x.deb 150cfa07af7fde9f6936ff488e6bbef3e54f6e8308f6c34b7d90d4f38adf062b 15659400 postgresql-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 917dec4d712dca22e9e6222654359d4f360bb6ec806ae08d8686fb87ec36ed0d 17964 postgresql-10_10.15-0ubuntu0.18.04.1_s390x.buildinfo 750bbdba9e6463f606c2542cdc808c850c020b7e31def981cdadb6960432cbc9 3464176 postgresql-10_10.15-0ubuntu0.18.04.1_s390x.deb 344542ba11f33dd10adb1fa7f1936401ab2be71665b3c380eefe448c394b731d 7870366 postgresql-10_10.15-0ubuntu0.18.04.1_s390x_translations.tar.gz 515c7a3fb03db024252309f76f0f76ffac534b64febc0e136d8b252872219266 1661008 postgresql-client-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 4658b202052dd804dd13fdd6b944f8a988595471a635f2fe8fd280463e74a715 903380 postgresql-client-10_10.15-0ubuntu0.18.04.1_s390x.deb 01e3d0a9fb0e1b933254994b5acc24c15a1cc8ea593200032f3058cbff5e4065 194312 postgresql-plperl-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb c7497aaf1c3d36cc1f368d0ff026ccfe5284e27f732a8a933dfc267fc626b897 42404 postgresql-plperl-10_10.15-0ubuntu0.18.04.1_s390x.deb ca970c83d7b6cc66a8673cc0735cc83f24906671fa624873739f66a224b090f8 263360 postgresql-plpython-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 3d4f8aead4a707cfe5531f6b422e99a5f196b66ed7c3e744ba7f84aed5c36008 49160 postgresql-plpython-10_10.15-0ubuntu0.18.04.1_s390x.deb a9b85c171593c0cea3c35f30ea305b26203501af0ad8f661ce18065e8229a1d9 256024 postgresql-plpython3-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 157fce8b7a271d8293e4d9e8e5f660fea1b9675695b72e7eb483bbd5d0b3c32d 47680 postgresql-plpython3-10_10.15-0ubuntu0.18.04.1_s390x.deb 54952cb2b771ffea6a4277771b46cd5b13ae1a7d903c4554df6237dce15afe87 88384 postgresql-pltcl-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 1e470e2692b2da1fc4d3b31a0685952c562a478776fc8f0f1e922644b0af9ddc 28336 postgresql-pltcl-10_10.15-0ubuntu0.18.04.1_s390x.deb 5106c01d037f93e32b326fc8d847da0098a78f39e03a06ddc443ca0521c71bcf 91192 postgresql-server-dev-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 2806069a4e9023751a8be371d2a81b4e48584a6a9e7b65b82ab0900e1ecadf6d 836948 postgresql-server-dev-10_10.15-0ubuntu0.18.04.1_s390x.deb Files: a47bb650af534dfa02c4487c7f46024a 16368 debug optional libecpg-compat3-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 4d6f43a01e253f827b12afca8087f950 11716 libs optional libecpg-compat3_10.15-0ubuntu0.18.04.1_s390x.deb 199cc53d15c181cf68a988d229487377 207000 debug optional libecpg-dev-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 5588fec3c8e02e8fd1a546bda20a748b 216072 libdevel optional libecpg-dev_10.15-0ubuntu0.18.04.1_s390x.deb 2e74604c80b75c72298caf2aad344075 94288 debug optional libecpg6-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 21c4713a1a51a8368f1ae12d97422fc5 34272 libs optional libecpg6_10.15-0ubuntu0.18.04.1_s390x.deb 72492ae841016ed5cc099c7cbccb4ba7 64128 debug optional libpgtypes3-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 2ce59acf3fc998c812dba97f2e1ecf79 38432 libs optional libpgtypes3_10.15-0ubuntu0.18.04.1_s390x.deb 2efe8ac395ab6dbcab8999b2e9b58cc7 209892 libdevel optional libpq-dev_10.15-0ubuntu0.18.04.1_s390x.deb ebcc017dbf54dd5f6a0785fac3994af3 253356 debug optional libpq5-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb d453ce1733fe55ea6650e3b3adcaed1d 100276 libs optional libpq5_10.15-0ubuntu0.18.04.1_s390x.deb 0bc237d04286ed59680210b0411a445b 15659400 debug optional postgresql-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 594c7b359c5285dc0da696edcddc7c8b 17964 database optional postgresql-10_10.15-0ubuntu0.18.04.1_s390x.buildinfo 71fbf0010dca7dab79ee6db4e5d5cdbe 3464176 database optional postgresql-10_10.15-0ubuntu0.18.04.1_s390x.deb 30eb573158eade8db834ad84c778ef1c 7870366 raw-translations - postgresql-10_10.15-0ubuntu0.18.04.1_s390x_translations.tar.gz be66b61accc3f7d626e92e3d740984e3 1661008 debug optional postgresql-client-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 633f93c5bd88531612d14f0b95e59aa2 903380 database optional postgresql-client-10_10.15-0ubuntu0.18.04.1_s390x.deb 905114b01110a95c4d387ff51d5295c4 194312 debug optional postgresql-plperl-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 39186dd892e4e60ae258f410914194be 42404 database optional postgresql-plperl-10_10.15-0ubuntu0.18.04.1_s390x.deb ff961235e36a6ec681acd46c9b5c27d5 263360 debug optional postgresql-plpython-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 428bf0de33851ae2e053cf84fbc0ca08 49160 database optional postgresql-plpython-10_10.15-0ubuntu0.18.04.1_s390x.deb 7f264ef0d3f15db926e2322d7eba97ad 256024 debug optional postgresql-plpython3-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 0abc533509eb468c0baeea814193c91d 47680 database optional postgresql-plpython3-10_10.15-0ubuntu0.18.04.1_s390x.deb 765bfcccaf765b3d519ffbc73f7165e5 88384 debug optional postgresql-pltcl-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb e4efe2c3f17987eb8af9158ce474036c 28336 database optional postgresql-pltcl-10_10.15-0ubuntu0.18.04.1_s390x.deb 1d61a1f46729c07ba4894e2ef4543e1a 91192 debug optional postgresql-server-dev-10-dbgsym_10.15-0ubuntu0.18.04.1_s390x.ddeb 6e82a706bf0fd91c61db31bfff7ba168 836948 libdevel optional postgresql-server-dev-10_10.15-0ubuntu0.18.04.1_s390x.deb Original-Maintainer: Debian PostgreSQL Maintainers