      ZZLI4418             linux.debian.changes             419 messages      

  Msg # 223 of 419 on ZZLI4418, Saturday 8-22-25, 12:42  
  From: DEBIAN FTP MASTERS  
  To: ALL  
  Subj: Accepted postgresql-17 17.6-0+deb13u1 (s  
 From: ftpmaster@ftp-master.debian.org 
  
 -----BEGIN PGP SIGNED MESSAGE----- 
 Hash: SHA512 
  
 Format: 1.8 
 Date: Wed, 13 Aug 2025 13:03:55 +0200 
 Source: postgresql-17 
 Architecture: source 
 Version: 17.6-0+deb13u1 
 Distribution: trixie 
 Urgency: medium 
 Maintainer: Debian PostgreSQL Maintainers  
 Changed-By: Christoph Berg  
 Closes: 1107984 
 Changes: 
 postgresql-17 (17.6-0+deb13u1) trixie; urgency=medium
 .
   * New upstream version 17.6.
 .
     + Tighten security checks in planner estimation functions (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, was intended to prevent
       leaky functions from being applied to statistics data for columns that
       the calling user does not have permission to read.  Two gaps in that
       protection have been found.  One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should restrict
       access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via a
       view, and the view owner has permissions to read the underlying table
       but the calling user does not have permissions on the view.  The view
       owner's permissions satisfied the security checks, and the leaky
       function would get applied to the underlying table's statistics before
       we check the calling user's permissions on the view.  This has been
       fixed by making security checks on views occur at the start of planning.
       That might cause permissions failures to occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
       (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running the
       restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands as
       superuser, the target database installation must trust the source
       server.  However, it does not follow that the operating system user who
       executes psql to perform the restore should have to trust the source
       server.  The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to cause it
       to emit text that would be interpreted as psql meta-commands.  That would
       provide shell-level access to the restoring user's own account,
       independently of access to the target database.
 .
       To provide a positive guarantee that this can't happen, extend psql with
       a \restrict command that prevents execution of further meta-commands,
       and teach pg_dump to issue that before any data coming from the source
       server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem.  (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject arbitrary
       SQL commands into the output script.  (Without the preceding fix,
       injection of psql meta-commands would also be possible this way.)
       CVE-2012-0868 fixed this class of problem at the time, but later work
       reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
 .
   * Add Turkish debconf translation by Atila KOÇ, thanks!  (Closes: #1107984)
   * Drop hurd-iovec patch, implemented upstream.
  
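As an added defender-side illustration of the two pg_dump/psql fixes in the changelog above (not code from PostgreSQL or Debian): a newline-sanitising mirror of the CVE-2025-8715 change, and a lint that checks a restore script for \restrict coverage and stray meta-commands before it is handed to psql. The `\restrict <key>` form with an `\unrestrict` counterpart, the sample scripts and the EXAMPLEKEY value are assumptions here; the changelog itself names only \restrict.

```python
import re

META_RE = re.compile(r"^\\(\w+)")   # a psql meta-command at the start of a line

def sanitize_name_for_comment(name: str) -> str:
    """CVE-2025-8715 fix, mirrored: a newline inside a '-- Name: ...' comment
    would end the comment and turn the rest of the name into executable SQL."""
    return name.replace("\r", " ").replace("\n", " ")

def name_comment(name: str, sanitize: bool = True) -> str:
    """Dump header comment for an object, with or without the fix applied."""
    shown = sanitize_name_for_comment(name) if sanitize else name
    return f"-- Name: {shown}; Type: TABLE; Schema: public"

def check_dump_script(script: str) -> list:
    """Line-oriented lint for a script about to be fed to psql: SQL must sit
    inside a \\restrict section and no other meta-command may appear.  Returns
    (line number, finding) pairs; [] means clean.  It does not lex SQL, so a
    backslash opening a line inside a string literal is flagged as well."""
    findings, restricted, warned_sql = [], False, False
    for lineno, line in enumerate(script.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith("--"):
            continue
        m = META_RE.match(s)
        if m is None:                       # plain SQL line
            if not restricted and not warned_sql:
                findings.append((lineno, "SQL outside a \\restrict section"))
                warned_sql = True
            continue
        cmd = m.group(1)
        if cmd == "restrict":               # assumed form: \restrict <key>
            restricted = True
        elif cmd == "unrestrict":           # counterpart assumed, same key
            restricted = False
        else:
            findings.append((lineno, f"meta-command \\{cmd} reaches psql"))
    return findings

# Constructed samples; EXAMPLEKEY is a placeholder, not a real pg_dump value.
SAFE_DUMP = "\n".join([
    "-- PostgreSQL database dump", "\\restrict EXAMPLEKEY",
    "SET client_encoding = 'UTF8';", name_comment("users"),
    "CREATE TABLE public.users (id integer);", "\\unrestrict EXAMPLEKEY"])
UNPROTECTED_DUMP = "\n".join([   # pre-fix style script from an untrusted source
    "-- PostgreSQL database dump", "SET client_encoding = 'UTF8';",
    "\\echo text-chosen-by-the-source-server",
    "CREATE TABLE public.users (id integer);"])
```

Running `check_dump_script` over a dump taken from a server you do not control, before restoring it, turns the changelog's "positive guarantee" into something you can verify on the script itself.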
