-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 07 Aug 2019 11:36:28 +0200 Source: postgresql-11 Architecture: source Version: 11.5-1 Distribution: unstable Urgency: medium Maintainer: Debian PostgreSQL Maintainers <team+postgre...@tracker.debian.org> Changed-By: Christoph Berg <m...@debian.org> Closes: 929953 932247 Changes: postgresql-11 (11.5-1) unstable; urgency=medium . * New upstream version. . + Fixes regression in ALTER TABLE on multiple columns. (Closes: #932247) . + No longer picks "UCT" as timezone spelling. (Closes: #929953) . + Require schema qualification to cast to a temporary type when using functional cast syntax (Noah Misch) . We have long required invocations of temporary functions to explicitly specify the temporary schema, that is pg_temp.func_name(args). Require this as well for casting to temporary types using functional notation, for example pg_temp.type_name(arg). Otherwise it's possible to capture a function call using a temporary object, allowing privilege escalation in much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208) . + Fix execution of hashed subplans that require cross-type comparison (Tom Lane, Andreas Seltenreich) . Hashed subplans used the outer query's original comparison operator to compare entries of the hash table. This is the wrong thing if that operator is cross-type, since all the hash table entries will be of the subquery's output type. For the set of hashable cross-type operators in core PostgreSQL, this mistake seems nearly harmless on 64-bit machines, but it can result in crashes or perhaps unauthorized disclosure of server memory on 32-bit machines. Extensions might provide hashable cross-type operators that create larger risks. (CVE-2019-10209) . * debian/pycompat: Obsolete, remove. * debian/patches: Add missing patch documentation. * debian/rules: Use /usr/share/dpkg/pkg-info.mk and vendor.mk for --with-extra-version. * debian/*.symbols: Add Build-Depends-Package information. * debian/tests: Also run regression tests. * debian/tests/control: Add fakeroot to dependencies. Checksums-Sha1: d52477d4fa0ba6ff4d79eb0be9f40e9fd8116914 3716 postgresql-11_11.5-1.dsc 24ceee589a0aec775ea7c4c4a001c710ff27a0d4 19773087 postgresql-11_11.5.orig.tar.bz2 93761fd89fc57323494085900413e2261b74a8db 25384 postgresql-11_11.5-1.debian.tar.xz Checksums-Sha256: 343b95f2950f93a02505eac1a89b0ca7c043b151980b85e088b01e0e7528e476 3716 postgresql-11_11.5-1.dsc 7fdf23060bfc715144cbf2696cf05b0fa284ad3eb21f0c378591c6bca99ad180 19773087 postgresql-11_11.5.orig.tar.bz2 72efa53767d9cc353c75bfad6b63ad1e1af7bda9b960aa6cc4ab5c5708cb51c2 25384 postgresql-11_11.5-1.debian.tar.xz Files: 41fbd4a5c6d4bd1cdf66e46598ba00b2 3716 database optional postgresql-11_11.5-1.dsc 580da94f6d85046ff2a228785ab2cc89 19773087 database optional postgresql-11_11.5.orig.tar.bz2 f2c155790a47ded43b05196ec855ce32 25384 database optional postgresql-11_11.5-1.debian.tar.xz
-----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAl1MF+EACgkQTFprqxLS p67dNxAAjfqO4PJaSLbgfDHkUQHkUlnl21GzBWBOX5d9XXgujwfenkwdwWvgzVh7 Lm3pIr5bAfBN19cl14ahwzIcgr4tUB1ioSWteefb152RloLAQoDeHL451W0hezYP QK0Y2rBNhw5gsrrFnymcOYq8tPup2MUIsrXRCdqoRqKswO0ou6yd/0mCJegWVXuu ulRtd+ItLvxlPr2L6a6RJA6HqWodlDy0uysJwAwB66YcizolTLtMOXm40ExhcFCr fCSK7+ERyAdhIFft/kyi/+s1Co3tT1CHgPPzmtPwEK39g7bYKAjBNxyuw9vpZJeX HNakpWxOgQCoVAvthuG/E77F9ndG88l403cTSAFAKpxHbOmy016cFxdrd43u7Ian kkIYFSHELqWwreV1POBceia3thb6yGn3XV3si+IZfILvM5FibrPOXlg+B6mXuv84 uF5qf2VK/zfhQrqmnkfDolNrNlxLFI+dQNYH5HKOBSne+80vsnNEpFcBXse3dmu5 2RxHZwbH/nGaH3kD12hSW46/OaTlhGTEBBJ3efqOsAuSJqUmqNAbr2yNyrgEHYkw raQ4JIWEhZiNCcXmymgChkgaDJ4cTwnt+jitCST++2VYdJskI+LJMtnVWw8yJyK3 Pd4dBgPpezhFx4/DWckO8wAWdfDkXjzEhAJu4W4V5Bqj2jTlOXE= =5fyX -----END PGP SIGNATURE-----