[ubuntu/bionic-security] postgresql-10 10.23-0ubuntu0.18.04.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed May 24 14:05:00 UTC 2023
postgresql-10 (10.23-0ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: CREATE SCHEMA ... schema_element defeats protective
search_path changes
- debian/patches/CVE-2023-2454-1.patch: replace last
PushOverrideSearchPath() call with set_config_option() in
src/backend/catalog/namespace.c, src/backend/commands/schemacmds.c,
src/test/regress/expected/namespace.out,
src/test/regress/sql/namespace.sql.
- debian/patches/CVE-2023-2454-2.patch: adjust sepgsql expected output
for 681d9e462 et al in contrib/sepgsql/expected/ddl.out.
- CVE-2023-2454
* SECURITY UPDATE: Row security policies disregard user ID changes after
inlining
- debian/patches/CVE-2023-2455.patch: handle RLS dependencies in
inlined set-returning functions properly in
src/backend/optimizer/util/clauses.c,
src/test/regress/expected/rowsecurity.out,
src/test/regress/sql/rowsecurity.sql.
- CVE-2023-2455
postgresql-10 (10.23-0ubuntu0.18.04.1) bionic; urgency=medium
* New upstream version (LP: #1996770).
+ A dump/restore is not required for those running 10.X.
+ Also, if you are upgrading from a version earlier than 10.19, see
those release notes as well please.
+ Disallow rules named _RETURN that are not ON SELECT rules (Tom Lane).
+ Fix use-after-free hazard in string comparisons. (Tom Lane)
+ Details about these and many further changes can be found at:
https://www.postgresql.org/docs/10/release-10-23.html
Date: 2023-05-23 18:21:07.614662+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-10/10.23-0ubuntu0.18.04.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list