[ubuntu/bionic-updates] postgresql-10 10.23-0ubuntu0.18.04.2 (Accepted)

[Ubuntu Archive Robot]

postgresql-10 (10.23-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: CREATE SCHEMA ... schema_element defeats protective
    search_path changes
    - debian/patches/CVE-2023-2454-1.patch: replace last
      PushOverrideSearchPath() call with set_config_option() in
      src/backend/catalog/namespace.c, src/backend/commands/schemacmds.c,
      src/test/regress/expected/namespace.out,
      src/test/regress/sql/namespace.sql.
    - debian/patches/CVE-2023-2454-2.patch: adjust sepgsql expected output
      for 681d9e462 et al in contrib/sepgsql/expected/ddl.out.
    - CVE-2023-2454
  * SECURITY UPDATE: Row security policies disregard user ID changes after
    inlining
    - debian/patches/CVE-2023-2455.patch: handle RLS dependencies in
      inlined set-returning functions properly in
      src/backend/optimizer/util/clauses.c,
      src/test/regress/expected/rowsecurity.out,
      src/test/regress/sql/rowsecurity.sql.
    - CVE-2023-2455

Date: 2023-05-23 18:21:07.614662+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-10/10.23-0ubuntu0.18.04.2
-------------- next part --------------
Sorry, changesfile not available.