      ZZLI4418             linux.debian.changes             419 messages      

  Msg # 225 of 419 on ZZLI4418, Saturday 8-22-25, 12:42  
  From: DEBIAN FTP MASTERS  
  To: ALL  
  Subj: Accepted postgresql-15 15.14-0+deb12u1 (  
 From: ftpmaster@ftp-master.debian.org 
  
 -----BEGIN PGP SIGNED MESSAGE----- 
 Hash: SHA512 
  
 Format: 1.8 
 Date: Wed, 13 Aug 2025 20:13:29 +0200 
 Source: postgresql-15 
 Architecture: source 
 Version: 15.14-0+deb12u1 
 Distribution: bookworm 
 Urgency: medium 
 Maintainer: Debian PostgreSQL Maintainers  
 Changed-By: Christoph Berg  
 Changes: 
  postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium 
  . 
    * New upstream version 15.14. 
  . 
       + Tighten security checks in planner estimation functions (Dean
         Rasheed)
   .
         The fix for CVE-2017-7484, plus followup fixes, intended to prevent
         leaky functions from being applied to statistics data for columns
         that the calling user does not have permission to read.  Two gaps
         in that protection have been found.  One gap applies to
         partitioning and inheritance hierarchies where RLS policies on the
         tables should restrict access to statistics data, but did not.
   .
         The other gap applies to cases where the query accesses a table
         via a view, and the view owner has permissions to read the
         underlying table but the calling user does not have permissions on
         the view.  The view owner's permissions satisfied the security
         checks, and the leaky function would get applied to the underlying
         table's statistics before we check the calling user's permissions
         on the view.  This has been fixed by making security checks on
         views occur at the start of planning.  That might cause
         permissions failures to occur earlier than before.
   .
         The PostgreSQL Project thanks Dean Rasheed for reporting this
         problem.
         (CVE-2025-8713)
   .
       + Prevent pg_dump scripts from being used to attack the user running
         the restore (Nathan Bossart)
   .
         Since dump/restore operations typically involve running SQL
         commands as superuser, the target database installation must trust
         the source server.  However, it does not follow that the operating
         system user who executes psql to perform the restore should have
         to trust the source server.  The risk here is that an attacker who
         has gained superuser-level control over the source server might be
         able to cause it to emit text that would be interpreted as psql
         meta-commands.  That would provide shell-level access to the
         restoring user's own account, independently of access to the
         target database.
   .
         To provide a positive guarantee that this can't happen, extend
         psql with a \restrict command that prevents execution of further
         meta-commands, and teach pg_dump to issue that before any data
         coming from the source server.
   .
         The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais,
         and RyotaK for reporting this problem.  (CVE-2025-8714)
   .
       + Convert newlines to spaces in names included in comments in pg_dump
         output (Noah Misch)
   .
         Object names containing newlines offered the ability to inject
         arbitrary SQL commands into the output script.  (Without the
         preceding fix, injection of psql meta-commands would also be
         possible this way.)  CVE-2012-0868 fixed this class of problem at
         the time, but later work reintroduced several cases.
   .
         The PostgreSQL Project thanks Noah Misch for reporting this
         problem.
         (CVE-2025-8715)
 Checksums-Sha1: 
  b37f24684a50416adacb53b6a91dd2e92819ee05 3926 postgresql-15_15.14-0+deb12u1.dsc 
  474c7ee4c36f34dac2080c7ec569f1b485df724e 23229854 postgresql-15_15.14.orig.tar.bz2 
  c7354555c87517b9333734a4fabc4418e5813880 29292 postgresql-15_15.14-0+deb12u1.debian.tar.xz 
 Checksums-Sha256: 
  dfadb4a24df17970d152f845db33e589617938f04142a4f6708088adce0ace1a 3926 postgresql-15_15.14-0+deb12u1.dsc 
  06dd75d305cd3870ee62b3932e661c624543eaf9ae2ba37cdec0a4f8edd051d2 23229854 postgresql-15_15.14.orig.tar.bz2 
  1d66919ab0816c8962f3966455b2bee7a8359d118d4d0c54277efb2c4dedac67 29292 postgresql-15_15.14-0+deb12u1.debian.tar.xz 
 Files: 
  c32101eb832f73de2eaab47af22131a8 3926 database optional postgresql-15_15.14-0+deb12u1.dsc 
  d20c3f7b7f9422d1b896d6362858cea1 23229854 database optional postgresql-15_15.14.orig.tar.bz2 
  fadeb435d1c0127d9d4bf7ecfd676b47 29292 database optional postgresql-15_15.14-0+deb12u1.debian.tar.xz 
  
 -----BEGIN PGP SIGNATURE----- 
  
 iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmic1ngACgkQTFprqxLS 
 p65hEhAAlq+oX2Rk6imiXLZJJ495e0WAo5YWDwQccNzNflD2t79M0Z2SnSTi3+bV 
 p6Qs19FoDBiBl3WhAs1I2tD6b30viwHr2fXCtyhRy+JC5xq9eu/0fMfX4NpFHuwx 
 1C02QfV7HFin73ZVb46IfuLdB8eLUhrL7avj0LDUzlVIPyWEhlzFxgFaDcNF2SxN 
 Dksm5Y1WmahXoHeql3vgxXJwsEkUSFoQqR8P2+HgwCVbplhljf/bqhnWWgFlHBz/ 
 QslObmALXSocGfudAoFqVHML5FbO5kzmkZKPTYiHwZrWlu51ASTXtG/rSZY8I5kK 
 AZBaJy1sf/Msal+frHoDd/0J7rML93GIrhjx+QhrmxUws+XvzNxcRFm9pTFYeVlI 
 0lpmaZknVefgr8FPp8qFch/lmOC+XJP5mf9WLGRFLObH0w4UaplGtZxKBdbAEjQi 
 KuQo7wqZXZPKTY5VHjBCG1+UtdB7vakOZHkcLXVLQpETybp3EKTsdKcUCEgJjA4T 
 YzWKN45smMAJhDLEaV06b9eFCLeF3JS/kWiVNDln42nAynLMvb3lI7t5Ypaty672 
 KzZUWyf92lC84124Qygi1//pAp9Bq7t9blZMdjpZghJQuNKVgTmN8VwH0w+9fZGv 
 KjCXjt5WR+M5bcmZVazR0Sdlj0apAyQNOBCvCVWW3KZYUpmwyvU= 
 =uNdZ 
 -----END PGP SIGNATURE----- 
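Added example, not code from the PostgreSQL project or from the Debian package: a small Python audit that reads a plain-text pg_dump script before it is handed to psql and reports the two script-level problems the 15.14 changelog above describes, a psql meta-command that would execute because no \restrict line precedes it (CVE-2025-8714) and an object name whose embedded newline ends a "-- Name: ..." comment block early (CVE-2025-8715). The two sample dumps are constructed for this example; the \restrict key, the table names and the exact position of \restrict in the dump layout are assumptions, and the audit treats any later \unrestrict line as lifting the restriction, an assumption chosen so that it errs on the side of flagging.

```python
"""Audit a plain-text pg_dump script before handing it to psql.
Added example, not PostgreSQL/Debian code.  Flags a psql meta-command
that would run because no \restrict precedes it (CVE-2025-8714) and a
"-- Name:" comment broken by a newline in an object name (CVE-2025-8715).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

RESTRICT_RE = re.compile(r"^\s*\\(restrict|unrestrict)\b")
META_RE = re.compile(r"^\s*\\")      # backslash at line start = psql meta-command
COPY_START_RE = re.compile(r"^COPY\b.*\bFROM\s+stdin;\s*$", re.IGNORECASE)
BLOCKING = {"meta_before_restrict", "comment_escape"}


@dataclass(frozen=True)
class Finding:
    line: int    # 1-based line number in the script
    kind: str    # meta_before_restrict | meta_after_restrict | comment_escape
    text: str


def _quote_state_after(line: str, state: Optional[str]) -> Optional[str]:
    """Quoting state ("'", '"', "$$" or None) after consuming `line`.
    Tracks plain quotes with doubled-quote escapes and bare $$ quoting only."""
    i = 0
    while i < len(line):
        ch = line[i]
        if state is None:
            if line.startswith("--", i):
                break                       # rest of the line is a comment
            if ch in ("'", '"'):
                state = ch
            elif line.startswith("$$", i):
                state = "$$"
                i += 1
        elif state == "$$":
            if line.startswith("$$", i):
                state = None
                i += 1
        elif ch == state:
            if line.startswith(state, i + 1):
                i += 1                      # '' or "" inside a literal is an escape
            else:
                state = None
        i += 1
    return state


def audit_dump(script: str) -> List[Finding]:
    findings: List[Finding] = []
    restricted = in_copy = in_bracket = False
    qstate: Optional[str] = None
    for n, line in enumerate(script.splitlines(), start=1):
        if in_copy:
            in_copy = line != r"\."        # COPY rows are data, never commands
            continue
        if qstate is None:                  # checks apply only outside SQL literals
            stripped = line.strip()
            if stripped == "--":
                in_bracket = not in_bracket
                continue
            if in_bracket and not stripped.startswith("--"):
                findings.append(Finding(n, "comment_escape", line))
            if RESTRICT_RE.match(line):
                restricted = stripped.startswith(r"\restrict")   # assumption: any \unrestrict lifts it
                continue
            if COPY_START_RE.match(line):
                in_copy = True
                continue
            if META_RE.match(line):
                kind = "meta_after_restrict" if restricted else "meta_before_restrict"
                findings.append(Finding(n, kind, line))
                continue                    # psql does not lex a meta-command line as SQL
        qstate = _quote_state_after(line, qstate)
    return findings


def safe_to_restore(script: str) -> bool:
    """True when nothing in the script would run on the restoring user's side."""
    return not any(f.kind in BLOCKING for f in audit_dump(script))


# Constructed samples, not real pg_dump output; the \restrict key is made up.
SAFE_DUMP = r"""
\restrict 7f3c1a9e0b24d5c6
--
-- Name: t; Type: TABLE; Schema: public; Owner: alice
--
CREATE TABLE public.t (id integer);
COPY public.t (id) FROM stdin;
\! data row, not a command
\.
\unrestrict 7f3c1a9e0b24d5c6
""".lstrip("\n")

# Pre-fix layout with a table named 't<newline>\! id': the newline ends the
# "-- Name:" comment and the next line reaches psql as a meta-command.
EVIL_DUMP = r"""
--
-- Name: t
\! id; Type: TABLE; Schema: public; Owner: alice
--
CREATE TABLE public."t
\! id" (id integer);
""".lstrip("\n")

if __name__ == "__main__":
    for label, dump in (("safe", SAFE_DUMP), ("evil", EVIL_DUMP)):
        print(label, "->", "OK" if safe_to_restore(dump) else "REFUSE", audit_dump(dump))
```

Run it over the output of `pg_dump -Fp` before `psql -f` on an untrusted dump. Two limits to keep in mind: the audit only looks at line starts, whereas psql also accepts a backslash command after a SQL statement on the same line, and multi-line literals are tracked only for ', " and bare $$ quoting, so a dump that uses $tag$ quoting can confuse the comment-bracket tracking.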
  
  
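A second added example, again not Debian's own tooling: parsing the Checksums-Sha256 stanza of the Accepted message above and verifying locally fetched copies of the listed files against it, size first and digest second. The stanza text is copied from this message; the result labels, the directory layout and the temporary files used in the usage note are assumptions for illustration.

```python
"""Parse the Checksums-Sha256 stanza of a Debian .changes file and verify
local copies of the listed files against it.  Added example, not Debian
tooling; CHANGES_TEXT is copied from the Accepted message above."""
import hashlib
import os
import re
from dataclasses import dataclass
from typing import Dict, List

CHANGES_TEXT = """\
Checksums-Sha256:
 dfadb4a24df17970d152f845db33e589617938f04142a4f6708088adce0ace1a 3926 postgresql-15_15.14-0+deb12u1.dsc
 06dd75d305cd3870ee62b3932e661c624543eaf9ae2ba37cdec0a4f8edd051d2 23229854 postgresql-15_15.14.orig.tar.bz2
 1d66919ab0816c8962f3966455b2bee7a8359d118d4d0c54277efb2c4dedac67 29292 postgresql-15_15.14-0+deb12u1.debian.tar.xz
Files:
 c32101eb832f73de2eaab47af22131a8 3926 database optional postgresql-15_15.14-0+deb12u1.dsc
"""

FIELD_RE = re.compile(r"^([A-Za-z0-9-]+):")
ENTRY_RE = re.compile(r"^([0-9a-f]{64})\s+(\d+)\s+(\S+)$")


@dataclass(frozen=True)
class Entry:
    sha256: str
    size: int
    name: str


def parse_sha256_entries(text: str) -> List[Entry]:
    """Collect the continuation lines under Checksums-Sha256 (control-file stanza)."""
    entries: List[Entry] = []
    in_field = False
    for raw in text.splitlines():
        if raw.startswith(" "):                 # continuation line of the current field
            if in_field:
                m = ENTRY_RE.match(raw.strip())
                if not m:
                    raise ValueError(f"malformed Checksums-Sha256 line: {raw!r}")
                entries.append(Entry(m.group(1), int(m.group(2)), m.group(3)))
            continue
        m = FIELD_RE.match(raw)                 # a new field (or blank line) ends the list
        in_field = m is not None and m.group(1) == "Checksums-Sha256"
    return entries


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_entries(entries: List[Entry], directory: str) -> Dict[str, str]:
    """Map each listed name to ok / missing / size_mismatch / digest_mismatch / bad_name."""
    results: Dict[str, str] = {}
    for e in entries:
        if os.path.basename(e.name) != e.name:
            results[e.name] = "bad_name"        # a .changes must not steer us outside `directory`
            continue
        path = os.path.join(directory, e.name)
        if not os.path.isfile(path):
            results[e.name] = "missing"
        elif os.path.getsize(path) != e.size:
            results[e.name] = "size_mismatch"   # cheap check first, before hashing 23 MB
        elif sha256_of(path) != e.sha256:
            results[e.name] = "digest_mismatch"
        else:
            results[e.name] = "ok"
    return results


if __name__ == "__main__":
    # Assumes the three source files were fetched into the current directory.
    for name, status in verify_entries(parse_sha256_entries(CHANGES_TEXT), ".").items():
        print(f"{status:16} {name}")
```

This checks only that what you downloaded matches what the .changes lists; whether the .changes itself is genuine is the job of the PGP signature on the message, which needs the signer's key and is not modelled here.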
