-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Aug 2025 13:03:55 +0200
Source: postgresql-17
Architecture: source
Version: 17.6-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Closes: 1107984
Changes:
 postgresql-17 (17.6-0+deb13u1) trixie; urgency=medium
 .
   * New upstream version 17.6.
 .
     + Tighten security checks in planner estimation functions (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns that
       the calling user does not have permission to read.  Two gaps in that
       protection have been found.  One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should restrict
       access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via a
       view, and the view owner has permissions to read the underlying table
       but the calling user does not have permissions on the view. The view
       owner's permissions satisfied the security checks, and the leaky
       function would get applied to the underlying table's statistics before
       we check the calling user's permissions on the view.  This has been
       fixed by making security checks on views occur at the start of planning.
       That might cause permissions failures to occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
       (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running the
       restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands as
       superuser, the target database installation must trust the source
       server.  However, it does not follow that the operating system user who
       executes psql to perform the restore should have to trust the source
       server.  The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to cause it
       to emit text that would be interpreted as psql meta-commands. That would
       provide shell-level access to the restoring user's own account,
       independently of access to the target database.
 .
       To provide a positive guarantee that this can't happen, extend psql with
       a \restrict command that prevents execution of further meta-commands,
       and teach pg_dump to issue that before any data coming from the source
       server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject arbitrary
       SQL commands into the output script.  (Without the preceding fix,
       injection of psql meta-commands would also be possible this way.)
       CVE-2012-0868 fixed this class of problem at the time, but later work
       reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
 .
   * Add Turkish debconf translation by Atila KOÇ, thanks! (Closes: #1107984)
   * Drop hurd-iovec patch, implemented upstream.
Checksums-Sha1:
 3ceb7c397a5e6a28b6dee67a81d94239afb48458 4277 postgresql-17_17.6-0+deb13u1.dsc
 9fc28852dc56be1886132e4ae7d64e0f744fdc31 21623975 postgresql-17_17.6.orig.tar.bz2
 0afd29414a2bb5d257a12aabc2c305a27037f661 28656 postgresql-17_17.6-0+deb13u1.debian.tar.xz
Checksums-Sha256:
 5210a623d9a2a4c68bf2efcbeb38f3357579f8e7a80ddfb9afa30350e294b592 4277 postgresql-17_17.6-0+deb13u1.dsc
 e0630a3600aea27511715563259ec2111cd5f4353a4b040e0be827f94cd7a8b0 21623975 postgresql-17_17.6.orig.tar.bz2
 670be1c39b4642af68b5a8ccea2cbcb731b31e53d47a0145c7750410084d64b3 28656 postgresql-17_17.6-0+deb13u1.debian.tar.xz
Files:
 499bd0e0648dc256dbf239bfca862b98 4277 database optional postgresql-17_17.6-0+deb13u1.dsc
 e72b7e5dc22d44d56b113ed1f74e4084 21623975 database optional postgresql-17_17.6.orig.tar.bz2
 27bae2dc9e0921f3f537ca4cc9cad8d4 28656 database optional postgresql-17_17.6-0+deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmicfoUACgkQTFprqxLS
p66Xqg/9GKlMbejA2tt4dg2Xch009q+jqIFw5o9nzYNoDQPYusEzSgDMNJndllZx
uVAKrpFxtFycNZyLJh7Ek9b4dka7m3a/JgTtLiAnoopvPjLMzuN4ZgnJmFRNXM6w
Y2qTUfnmK8su2XCgpCfU8YMGbcTHtcOXaTqfAOvsnxs0k6xM+p4q85fdavc+kud1
dCqc5rsB7KhFZbuDqYOaBSsexLhxVvEVfVkdGyRHBN0Xa+bS7KhLaAd5SrwclAu8
DDz7BUMkWF9NBoxQ8YryEEqYnRnizTOpaMZhWuPFIE0xAd7WbAzZzk6xH68UpHrw
t9H82Xquu2fxwZYnwKbaHDOg3mJsKo3f/9eOn4AicskYWo0zQuStUecq8uKF3OKd
xUgdqF5Q0gi4CoKVvI1xVkiOh5xG6bXws7ma2ujZq7no+Zd1HyYWW7BTW3CQrbof
KM1bF+/TBfg1I6e1Y47iYiCEP5iqf6JOkqB9zS9VsSaEtuu0PO5neZjfzbQlSXNz
0P2wXHWyhGAexbXYka+sxoyjTE/Af3j5B/3VXDd82fqe2vkWMgHGes+THu3Indau
wIIOKoFddZQui1kTvC6UtjPOIsauSMY2kRfjUW7azIM5Fn8a9aHL7VLYnPzfHcho
bQJ32Maw5ePByT3yjVOlfTf/M59xJ1Bc2eYQhHzs3Rcnw2cyc3E=
=ybv5
-----END PGP SIGNATURE-----