-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Dec 2020 10:04:12 +0100
Source: postgresql-11
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym
 libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5
 libpq5-dbgsym postgresql-11 postgresql-11-dbgsym postgresql-client-11
 postgresql-client-11-dbgsym postgresql-plperl-11 postgresql-plperl-11-dbgsym
 postgresql-plpython-11 postgresql-plpython-11-dbgsym postgresql-plpython3-11
 postgresql-plpython3-11-dbgsym postgresql-pltcl-11 postgresql-pltcl-11-dbgsym
 postgresql-server-dev-11 postgresql-server-dev-11-dbgsym
Architecture: i386
Version: 11.10-0+deb10u1
Distribution: buster
Urgency: medium
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 11
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-11 - object-relational SQL database, version 11 server
 postgresql-client-11 - front-end programs for PostgreSQL 11
 postgresql-plperl-11 - PL/Perl procedural language for PostgreSQL 11
 postgresql-plpython-11 - PL/Python procedural language for PostgreSQL 11
 postgresql-plpython3-11 - PL/Python 3 procedural language for PostgreSQL 11
 postgresql-pltcl-11 - PL/Tcl procedural language for PostgreSQL 11
 postgresql-server-dev-11 - development files for PostgreSQL 11 server-side programming
Closes: 974063
Changes:
 postgresql-11 (11.10-0+deb10u1) buster; urgency=medium
 .
   * New upstream version.
     + Fixes timetz regression test failures. (Closes: #974063)
 .
     + Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers
       within index expressions and materialized view queries (Noah Misch)
 .
       This is essentially a leak in the security restricted operation sandbox
       mechanism. An attacker having permission to create non-temporary SQL
       objects could parlay this leak to execute arbitrary SQL code as a
       superuser.
 .
       The PostgreSQL Project thanks Etienne Stalmans for reporting this
       problem. (CVE-2020-25695)
 .
     + Fix usage of complex connection-string parameters in pg_dump,
       pg_restore, clusterdb, reindexdb, and vacuumdb (Tom Lane)
 .
       The -d parameter of pg_dump and pg_restore, or the --maintenance-db
       parameter of the other programs mentioned, can be a connection string
       containing multiple connection parameters rather than just a database
       name. In cases where these programs need to initiate additional
       connections, such as parallel processing or processing of multiple
       databases, the connection string was forgotten and just the basic
       connection parameters (database name, host, port, and username) were
       used for the additional connections. This could lead to connection
       failures if the connection string included any other essential
       information, such as non-default SSL or GSS parameters. Worse, the
       connection might succeed but not be encrypted as intended, or be
       vulnerable to man-in-the-middle attacks that the intended connection
       parameters would have prevented. (CVE-2020-25694)
 .
     + When psql's \connect command re-uses connection parameters, ensure that
       all non-overridden parameters from a previous connection string are
       re-used (Tom Lane)
 .
       This avoids cases where reconnection might fail due to omission of
       relevant parameters, such as non-default SSL or GSS options. Worse, the
       reconnection might succeed but not be encrypted as intended, or be
       vulnerable to man-in-the-middle attacks that the intended connection
       parameters would have prevented. This is largely the same problem as
       just cited for pg_dump et al, although psql's behavior is more complex
       since the user may intentionally override some connection parameters.
       (CVE-2020-25694)
 .
     + Prevent psql's \gset command from modifying specially-treated variables
       (Noah Misch)
 .
       \gset without a prefix would overwrite whatever variables the server
       told it to. Thus, a compromised server could set specially-treated
       variables such as PROMPT1, giving the ability to execute arbitrary shell
       code in the user's session.
 .
       The PostgreSQL Project thanks Nick Cleaton for reporting this problem.
       (CVE-2020-25696)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
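Added example, not part of the Debian changelog or of the PostgreSQL project's code: the CVE-2020-25694 entries above say that additional connections reused only the database name, host, port and username. This Python check parses a libpq connection string (keyword/value or single-host URI) and lists the parameters that would have been left behind, flagging the SSL/GSS-related ones. The `SECURITY` set, the function names and the sample strings are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Per the changelog: only these were reused for additional connections.
CARRIED = {"dbname", "host", "port", "user"}
# Assumption: libpq parameters treated here as security-relevant.
SECURITY = {"sslmode", "sslrootcert", "sslcert", "sslkey", "sslcrl",
            "requirepeer", "gssencmode", "krbsrvname"}
# keyword = value, where value is bare or single-quoted with backslash escapes
_PAIR = re.compile(r"\s*(\w+)\s*=\s*(?:'((?:\\.|[^'\\])*)'|([^\s']\S*)?)")

def parse_conninfo(conninfo):
    """Parse a libpq keyword/value string or single-host URI into a dict."""
    if conninfo.startswith(("postgresql://", "postgres://")):
        u = urlsplit(conninfo)
        params = dict(parse_qsl(u.query))
        if u.username:
            params["user"] = unquote(u.username)
        if u.hostname:
            params["host"] = u.hostname
        if u.port:
            params["port"] = str(u.port)
        if u.path.strip("/"):
            params["dbname"] = unquote(u.path.lstrip("/"))
        return params
    params, pos = {}, 0
    while conninfo[pos:].strip():
        m = _PAIR.match(conninfo, pos)
        if not m:
            raise ValueError("malformed conninfo near %r" % conninfo[pos:])
        quoted, bare = m.group(2), m.group(3)
        params[m.group(1)] = (re.sub(r"\\(.)", r"\1", quoted)
                              if quoted is not None else (bare or ""))
        pos = m.end()
    return params

def dropped_on_reconnect(conninfo):
    """Return (dropped, security_dropped) for a pre-fix additional connection."""
    dropped = sorted(set(parse_conninfo(conninfo)) - CARRIED)
    return dropped, [k for k in dropped if k in SECURITY]

# Constructed sample connection strings (not from the page).
SAMPLES = [
    "dbname=app host=db.example.internal port=5432 user=backup",
    "dbname=app host=db.example.internal user=backup sslmode=verify-full "
    "sslrootcert='/etc/ssl/certs/internal ca.pem'",
    "postgresql://backup@db.example.internal:5432/app"
    "?sslmode=verify-full&application_name=nightly",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(dropped_on_reconnect(s), "<-", s)
```

A non-empty second list marks an invocation whose transport protections depended on parameters the pre-fix tools did not pass on; the changelog above records the fix in 11.10-0+deb10u1.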