-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Dec 2020 10:04:12 +0100
Source: postgresql-11
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym
 libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5
 libpq5-dbgsym postgresql-11 postgresql-11-dbgsym postgresql-client-11
 postgresql-client-11-dbgsym postgresql-plperl-11 postgresql-plperl-11-dbgsym
 postgresql-plpython-11 postgresql-plpython-11-dbgsym postgresql-plpython3-11
 postgresql-plpython3-11-dbgsym postgresql-pltcl-11 postgresql-pltcl-11-dbgsym
 postgresql-server-dev-11 postgresql-server-dev-11-dbgsym
Architecture: armhf
Version: 11.10-0+deb10u1
Distribution: buster
Urgency: medium
Maintainer: arm Build Daemon (arm-arm-01)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 11
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-11 - object-relational SQL database, version 11 server
 postgresql-client-11 - front-end programs for PostgreSQL 11
 postgresql-plperl-11 - PL/Perl procedural language for PostgreSQL 11
 postgresql-plpython-11 - PL/Python procedural language for PostgreSQL 11
 postgresql-plpython3-11 - PL/Python 3 procedural language for PostgreSQL 11
 postgresql-pltcl-11 - PL/Tcl procedural language for PostgreSQL 11
 postgresql-server-dev-11 - development files for PostgreSQL 11 server-side programming
Closes: 974063
Changes:
 postgresql-11 (11.10-0+deb10u1) buster; urgency=medium
 .
   * New upstream version.
     + Fixes timetz regression test failures. (Closes: #974063)
 .
     + Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers
       within index expressions and materialized view queries (Noah Misch)
 .
       This is essentially a leak in the security restricted operation
       sandbox mechanism. An attacker having permission to create
       non-temporary SQL objects could parlay this leak to execute
       arbitrary SQL code as a superuser.
 .
       The PostgreSQL Project thanks Etienne Stalmans for reporting this
       problem. (CVE-2020-25695)
 .
     + Fix usage of complex connection-string parameters in pg_dump,
       pg_restore, clusterdb, reindexdb, and vacuumdb (Tom Lane)
 .
       The -d parameter of pg_dump and pg_restore, or the --maintenance-db
       parameter of the other programs mentioned, can be a connection
       string containing multiple connection parameters rather than just a
       database name. In cases where these programs need to initiate
       additional connections, such as parallel processing or processing
       of multiple databases, the connection string was forgotten and just
       the basic connection parameters (database name, host, port, and
       username) were used for the additional connections. This could lead
       to connection failures if the connection string included any other
       essential information, such as non-default SSL or GSS parameters.
       Worse, the connection might succeed but not be encrypted as
       intended, or be vulnerable to man-in-the-middle attacks that the
       intended connection parameters would have prevented.
       (CVE-2020-25694)
 .
     + When psql's \connect command re-uses connection parameters, ensure
       that all non-overridden parameters from a previous connection
       string are re-used (Tom Lane)
 .
       This avoids cases where reconnection might fail due to omission of
       relevant parameters, such as non-default SSL or GSS options. Worse,
       the reconnection might succeed but not be encrypted as intended, or
       be vulnerable to man-in-the-middle attacks that the intended
       connection parameters would have prevented. This is largely the
       same problem as just cited for pg_dump et al, although psql's
       behavior is more complex since the user may intentionally override
       some connection parameters. (CVE-2020-25694)
 .
     + Prevent psql's \gset command from modifying specially-treated
       variables (Noah Misch)
 .
       \gset without a prefix would overwrite whatever variables the
       server told it to. Thus, a compromised server could set
       specially-treated variables such as PROMPT1, giving the ability to
       execute arbitrary shell code in the user's session.
 .
       The PostgreSQL Project thanks Nick Cleaton for reporting this
       problem. (CVE-2020-25696)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----