Format: 1.8
Date: Tue, 01 Dec 2020 10:04:12 +0100
Source: postgresql-11
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym
 libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5
 libpq5-dbgsym postgresql-11 postgresql-11-dbgsym postgresql-client-11
 postgresql-client-11-dbgsym postgresql-plperl-11 postgresql-plperl-11-dbgsym
 postgresql-plpython-11 postgresql-plpython-11-dbgsym postgresql-plpython3-11
 postgresql-plpython3-11-dbgsym postgresql-pltcl-11 postgresql-pltcl-11-dbgsym
 postgresql-server-dev-11 postgresql-server-dev-11-dbgsym
Architecture: armel
Version: 11.10-0+deb10u1
Distribution: buster
Urgency: medium
Maintainer: armhf Build Daemon (antheil)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 11
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-11 - object-relational SQL database, version 11 server
 postgresql-client-11 - front-end programs for PostgreSQL 11
 postgresql-plperl-11 - PL/Perl procedural language for PostgreSQL 11
 postgresql-plpython-11 - PL/Python procedural language for PostgreSQL 11
 postgresql-plpython3-11 - PL/Python 3 procedural language for PostgreSQL 11
 postgresql-pltcl-11 - PL/Tcl procedural language for PostgreSQL 11
 postgresql-server-dev-11 - development files for PostgreSQL 11 server-side programming
Closes: 974063
Changes:
 postgresql-11 (11.10-0+deb10u1) buster; urgency=medium
 .
   * New upstream version.
     + Fixes timetz regression test failures.  (Closes: #974063)
 .
     + Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers
       within index expressions and materialized view queries (Noah Misch)
 .
       This is essentially a leak in the security restricted operation
       sandbox mechanism.  An attacker having permission to create
       non-temporary SQL objects could parlay this leak to execute arbitrary
       SQL code as a superuser.
 .
       The PostgreSQL Project thanks Etienne Stalmans for reporting this
       problem.  (CVE-2020-25695)
 .
     + Fix usage of complex connection-string parameters in pg_dump,
       pg_restore, clusterdb, reindexdb, and vacuumdb (Tom Lane)
 .
       The -d parameter of pg_dump and pg_restore, or the --maintenance-db
       parameter of the other programs mentioned, can be a connection string
       containing multiple connection parameters rather than just a database
       name.  In cases where these programs need to initiate additional
       connections, such as parallel processing or processing of multiple
       databases, the connection string was forgotten and just the basic
       connection parameters (database name, host, port, and username) were
       used for the additional connections.  This could lead to connection
       failures if the connection string included any other essential
       information, such as non-default SSL or GSS parameters.  Worse, the
       connection might succeed but not be encrypted as intended, or be
       vulnerable to man-in-the-middle attacks that the intended connection
       parameters would have prevented.  (CVE-2020-25694)
 .
     + When psql's \connect command re-uses connection parameters, ensure
       that all non-overridden parameters from a previous connection string
       are re-used (Tom Lane)
 .
       This avoids cases where reconnection might fail due to omission of
       relevant parameters, such as non-default SSL or GSS options.  Worse,
       the reconnection might succeed but not be encrypted as intended, or
       be vulnerable to man-in-the-middle attacks that the intended
       connection parameters would have prevented.  This is largely the same
       problem as just cited for pg_dump et al, although psql's behavior is
       more complex since the user may intentionally override some
       connection parameters.  (CVE-2020-25694)
 .
     + Prevent psql's \gset command from modifying specially-treated
       variables (Noah Misch)
 .
       \gset without a prefix would overwrite whatever variables the server
       told it to.  Thus, a compromised server could set specially-treated
       variables such as PROMPT1, giving the ability to execute arbitrary
       shell code in the user's session.
 .
       The PostgreSQL Project thanks Nick Cleaton for reporting this
       problem.  (CVE-2020-25696)
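The CVE-2020-25694 entries above describe additional connections that kept only the database name, host, port, and username. As an added example (not part of the Debian upload or of PostgreSQL's code), the following audit helper parses a keyword/value connection string and reports which parameters an unfixed tool would have forgotten, flagging the SSL/GSS ones. The SECURITY set, the function names, and the sample string are assumptions made for this example; URI-style connection strings are not handled.

```python
import re

# Parameters the changelog says were still carried over to additional connections.
BASIC = {"dbname", "host", "port", "user"}
# libpq SSL/GSS settings whose silent loss weakens the connection
# (subset chosen for this example, not an exhaustive list).
SECURITY = {"sslmode", "sslrootcert", "sslcert", "sslkey", "sslcrl",
            "krbsrvname", "gsslib"}

# keyword = value; the value is bare or single-quoted, backslash escapes allowed
_PAIR = re.compile(
    r"\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"
    r"(?:'((?:[^'\\]|\\.)*)'|((?:[^\s\\]|\\.)*))")

def parse_conninfo(conninfo):
    """Parse a libpq keyword/value connection string into a dict."""
    params, pos = {}, 0
    while conninfo[pos:].strip():
        m = _PAIR.match(conninfo, pos)
        if not m:
            raise ValueError(f"malformed conninfo near offset {pos}")
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1)] = re.sub(r"\\(.)", r"\1", raw)  # unescape \' and \\
        pos = m.end()
    return params

def dropped_on_reconnect(conninfo):
    """Return (parameters an unfixed tool would forget, security-relevant ones)."""
    dropped = {k: v for k, v in parse_conninfo(conninfo).items() if k not in BASIC}
    return dropped, sorted(k for k in dropped if k in SECURITY)

# Constructed sample value for -d / --maintenance-db (host and paths are made up).
SAMPLE = ("host=db.example.internal port=5432 dbname=app user=backup "
          "sslmode=verify-full sslrootcert='/etc/ssl/my ca/root.crt' "
          "application_name=nightly")

if __name__ == "__main__":
    dropped, risky = dropped_on_reconnect(SAMPLE)
    print("forgotten on additional connections:", sorted(dropped))
    print("security-relevant:", risky)
```

A non-empty second list marks a job whose parallel or multi-database runs on pre-11.10 clients should be reviewed for unencrypted or unverified connections.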