-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Aug 2025 20:13:29 +0200
Source: postgresql-15
Architecture: source
Version: 15.14-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.14.
 .
     + Tighten security checks in planner estimation functions (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns that
       the calling user does not have permission to read.  Two gaps in that
       protection have been found.  One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should restrict
       access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via a
       view, and the view owner has permissions to read the underlying table
       but the calling user does not have permissions on the view. The view
       owner's permissions satisfied the security checks, and the leaky
       function would get applied to the underlying table's statistics before
       we check the calling user's permissions on the view.  This has been
       fixed by making security checks on views occur at the start of planning.
       That might cause permissions failures to occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
       (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running the
       restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands as
       superuser, the target database installation must trust the source
       server.  However, it does not follow that the operating system user who
       executes psql to perform the restore should have to trust the source
       server.  The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to cause it
       to emit text that would be interpreted as psql meta-commands. That would
       provide shell-level access to the restoring user's own account,
       independently of access to the target database.
 .
       To provide a positive guarantee that this can't happen, extend psql with
       a \restrict command that prevents execution of further meta-commands,
       and teach pg_dump to issue that before any data coming from the source
       server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject arbitrary
       SQL commands into the output script.  (Without the preceding fix,
       injection of psql meta-commands would also be possible this way.)
       CVE-2012-0868 fixed this class of problem at the time, but later work
       reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
Checksums-Sha1:
 b37f24684a50416adacb53b6a91dd2e92819ee05 3926 postgresql-15_15.14-0+deb12u1.dsc
 474c7ee4c36f34dac2080c7ec569f1b485df724e 23229854 postgresql-15_15.14.orig.tar.bz2
 c7354555c87517b9333734a4fabc4418e5813880 29292 postgresql-15_15.14-0+deb12u1.debian.tar.xz
Checksums-Sha256:
 dfadb4a24df17970d152f845db33e589617938f04142a4f6708088adce0ace1a 3926 postgresql-15_15.14-0+deb12u1.dsc
 06dd75d305cd3870ee62b3932e661c624543eaf9ae2ba37cdec0a4f8edd051d2 23229854 postgresql-15_15.14.orig.tar.bz2
 1d66919ab0816c8962f3966455b2bee7a8359d118d4d0c54277efb2c4dedac67 29292 postgresql-15_15.14-0+deb12u1.debian.tar.xz
Files:
 c32101eb832f73de2eaab47af22131a8 3926 database optional postgresql-15_15.14-0+deb12u1.dsc
 d20c3f7b7f9422d1b896d6362858cea1 23229854 database optional postgresql-15_15.14.orig.tar.bz2
 fadeb435d1c0127d9d4bf7ecfd676b47 29292 database optional postgresql-15_15.14-0+deb12u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmic1ngACgkQTFprqxLS
p65hEhAAlq+oX2Rk6imiXLZJJ495e0WAo5YWDwQccNzNflD2t79M0Z2SnSTi3+bV
p6Qs19FoDBiBl3WhAs1I2tD6b30viwHr2fXCtyhRy+JC5xq9eu/0fMfX4NpFHuwx
1C02QfV7HFin73ZVb46IfuLdB8eLUhrL7avj0LDUzlVIPyWEhlzFxgFaDcNF2SxN
Dksm5Y1WmahXoHeql3vgxXJwsEkUSFoQqR8P2+HgwCVbplhljf/bqhnWWgFlHBz/
QslObmALXSocGfudAoFqVHML5FbO5kzmkZKPTYiHwZrWlu51ASTXtG/rSZY8I5kK
AZBaJy1sf/Msal+frHoDd/0J7rML93GIrhjx+QhrmxUws+XvzNxcRFm9pTFYeVlI
0lpmaZknVefgr8FPp8qFch/lmOC+XJP5mf9WLGRFLObH0w4UaplGtZxKBdbAEjQi
KuQo7wqZXZPKTY5VHjBCG1+UtdB7vakOZHkcLXVLQpETybp3EKTsdKcUCEgJjA4T
YzWKN45smMAJhDLEaV06b9eFCLeF3JS/kWiVNDln42nAynLMvb3lI7t5Ypaty672
KzZUWyf92lC84124Qygi1//pAp9Bq7t9blZMdjpZghJQuNKVgTmN8VwH0w+9fZGv
KjCXjt5WR+M5bcmZVazR0Sdlj0apAyQNOBCvCVWW3KZYUpmwyvU=
=uNdZ
-----END PGP SIGNATURE-----