Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: postgresql...@packages.debian.org
Control: affects -1 + src:postgresql-15
User: release.debian....@packages.debian.org
Usertags: pu

New postgresql-15 version with some CVEs that didn't warrant a DSA.

Christoph

diff --git a/debian/changelog b/debian/changelog index 2a1794b..0d15f12 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,63 @@ +postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium + + * New upstream version 15.14. + + + Tighten security checks in planner estimation functions (Dean Rasheed) + + The fix for CVE-2017-7484, plus followup fixes, intended to prevent + leaky functions from being applied to statistics data for columns that + the calling user does not have permission to read. Two gaps in that + protection have been found. One gap applies to partitioning and + inheritance hierarchies where RLS policies on the tables should restrict + access to statistics data, but did not. + + The other gap applies to cases where the query accesses a table via a + view, and the view owner has permissions to read the underlying table + but the calling user does not have permissions on the view. The view + owner's permissions satisfied the security checks, and the leaky + function would get applied to the underlying table's statistics before + we check the calling user's permissions on the view. This has been + fixed by making security checks on views occur at the start of planning. + That might cause permissions failures to occur earlier than before. + + The PostgreSQL Project thanks Dean Rasheed for reporting this problem. + (CVE-2025-8713) + + + Prevent pg_dump scripts from being used to attack the user running the + restore (Nathan Bossart) + + Since dump/restore operations typically involve running SQL commands as + superuser, the target database installation must trust the source + server. However, it does not follow that the operating system user who + executes psql to perform the restore should have to trust the source + server. The risk here is that an attacker who has gained + superuser-level control over the source server might be able to cause it + to emit text that would be interpreted as psql meta-commands. That would + provide shell-level access to the restoring user's own account, + independently of access to the target database. 
+ + To provide a positive guarantee that this can't happen, extend psql with + a \restrict command that prevents execution of further meta-commands, + and teach pg_dump to issue that before any data coming from the source + server. + + The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and + RyotaK for reporting this problem. (CVE-2025-8714) + + + Convert newlines to spaces in names included in comments in pg_dump + output (Noah Misch) + + Object names containing newlines offered the ability to inject arbitrary + SQL commands into the output script. (Without the preceding fix, + injection of psql meta-commands would also be possible this way.) + CVE-2012-0868 fixed this class of problem at the time, but later work + reintroduced several cases. + + The PostgreSQL Project thanks Noah Misch for reporting this problem. + (CVE-2025-8715) + + -- Christoph Berg <m...@debian.org> Wed, 13 Aug 2025 20:13:29 +0200 + postgresql-15 (15.13-0+deb12u1) bookworm; urgency=medium * New upstream version 15.13.
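
Review bot: In the CVE-2025-8714 entry, the changelog says pg_dump now issues the new psql \restrict command before any data coming from the source server, but it does not say what happens when such a dump is restored with a psql that predates the command. Since this targets a stable point release, a line in this entry or in NEWS.Debian stating the expected behaviour would help administrators who dump on bookworm and restore elsewhere. The CVE-2025-8713 entry already flags its own behaviour change ("That might cause permissions failures to occur earlier than before"), so giving the pg_dump change the same treatment would be consistent.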