-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 06 Feb 2024 13:37:19 +0100 Source: postgresql-15 Architecture: source Version: 15.6-0+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Debian PostgreSQL Maintainers Changed-By: Christoph Berg Changes: postgresql-15 (15.6-0+deb12u1) bookworm-security; urgency=medium . * New upstream version. . * Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (Heikki Linnakangas) . One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with the privileges of the user running REFRESH. Fix things so that all user-determined code is run as the view's owner, as expected. . The PostgreSQL Project thanks Pedro Gallegos for reporting this problem. (CVE-2024-0985) Checksums-Sha1: aa7e4c1df3abce8fabac9a2a098a541ab8b6c37e 3919 postgresql-15_15.6-0+deb12u1.dsc c62fb81e3eccbab523d840a7717c14a0b3a82a02 23093967 postgresql-15_15.6.orig.tar.bz2 77cb7c2f69c7bdb4e918076ab0db6e1b75296c85 25272 postgresql-15_15.6-0+deb12u1.debian.tar.xz Checksums-Sha256: 463b1874382cb45eafde63b39b73af844547ba5fde93ecf7b0ef53f3de15ef65 3919 postgresql-15_15.6-0+deb12u1.dsc 8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb 23093967 postgresql-15_15.6.orig.tar.bz2 8c82dc4cf12db5c640c527981e83d73c33c1530293cf3314692c82dffbe07ec4 25272 postgresql-15_15.6-0+deb12u1.debian.tar.xz Files: 247787a968e9ebcb3a5d9469fef1fdb7 3919 database optional postgresql-15_15.6-0+deb12u1.dsc 666511aeb53bd4ac029e236e35b42ca8 23093967 database optional postgresql-15_15.6.orig.tar.bz2 340055ef4345296c8ee246c821ee87e9 25272 database optional postgresql-15_15.6-0+deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmXMsMYACgkQTFprqxLS p65mpA/+Kl6/zrXPHjfSLingAOvqCAWdO7+Ju9GppA56fsJaLuGOXLPNNgCuKSby bBxfYfePhLlWnClDOPnJDbsPIBp2TnvCK+s1F3Bx6H4VhPL0UwZ2m8zqsEF1F5We TdznFp3trO/ZSQL1coygY9GLAe/3B728nzP7Urturr8NPvYKUtJWd+K/62u33PGj HA0Ce/Tz4Oc/a4XeTUiqYQIHOkGBywubrXGV49cfOAG+nxIzyBa6q9qrt4jZfa1k /Fnxv7UZmOS1pOgknjZ9YZzH745zAGfPVA9KY/1dwdlx4S6E6yB1Ybq54pUF+SJE xSl/zobR73XjqOD8UT6AW2vkR/UfNtTp04X9Ix5Hc0iVbIzme8EJxqqXKiZSjYct nfZEGLO50lJDjT8uCceSLi8N3RzoErbqlFG0+c5zqLzitQHoVVyUbnNrAOsjJ2Qe uw8HcItRzmsk6S3H6hquPM6hW5ez/2yY2mnNb/6ZtVqQ3AOMo2RtRCYIWlPnnSl2 KexosBfqVheuPXdE+TnczLc/fcj1/yx+nxW4tSNj+NuCnGW0ZMVylAYN7+6LvdCd z8d4Eg7HgTkjHx8Vc3jbdwabVa9Y2a9sp7FZMShvR4anjF8uMBPxhDN1L4V4jOJW rwaNYWQy4cYaVVFjvE0VcucMuji0KRy9eVMIM7vI1sWWil2vHNc= =B6Sx -----END PGP SIGNATURE-----