Control: tag -1 pending Hello,
Bug #932247 in postgresql reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/postgresql/postgresql/commit/69bff3c1e0f35486835e2a6dcb3307cfc0eabe26 ------------------------------------------------------------------------ New upstream version. * New upstream version. + Fixes regression in ALTER TABLE on multiple columns. (Closes: #932247) + Require schema qualification to cast to a temporary type when using functional cast syntax (Noah Misch) We have long required invocations of temporary functions to explicitly specify the temporary schema, that is pg_temp.func_name(args). Require this as well for casting to temporary types using functional notation, for example pg_temp.type_name(arg). Otherwise it's possible to capture a function call using a temporary object, allowing privilege escalation in much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208) ------------------------------------------------------------------------ (this message was generated automatically) -- Greetings https://bugs.debian.org/932247
