[ubuntu/eoan-security] postgresql-11 11.7-0ubuntu0.19.10.1 (Accepted)
marc.deslauriers at canonical.com
Tue Feb 18 12:34:59 UTC 2020
postgresql-11 (11.7-0ubuntu0.19.10.1) eoan-security; urgency=medium

  * New upstream release (LP: #1863108)
    - A dump/restore is not required; however, if you use the contrib/intarray
      extension with a GiST index, and you rely on indexed searches for the <@
      operator, see the release notes for details in regard to a related fix.
    - Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION.
      Marking an object as dependent on an extension did not have any
      privilege check whatsoever. This oversight allowed any user to mark
      routines, triggers, materialized views, or indexes as droppable by
      anyone able to drop an extension. Require that the calling user own the
      specified object (and hence have privilege to drop it). (CVE-2020-1720)
    - Details about these and many further changes can be found at:
Date: 2020-02-17 12:24:26.607500+00:00
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>