[ubuntu/eoan-security] postgresql-11 11.7-0ubuntu0.19.10.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Feb 18 12:34:59 UTC 2020

postgresql-11 (11.7-0ubuntu0.19.10.1) eoan-security; urgency=medium

  * New upstream release (LP: #1863108)
    - A dump/restore is not required however, if you use the contrib/intarray
      extension with a GiST index, and you rely on indexed searches for the <@
      operator, see the release notes for details in regard to a related fix.
    - Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION.
      Marking an object as dependent on an extension did not have any
      privilege check whatsoever.  This oversight allowed any user to mark
      routines, triggers, materialized views, or indexes as droppable by
      anyone able to drop an extension.  Require that the calling user own the
      specified object (and hence have privilege to drop it). (CVE-2020-1720)
    - Details about these and many further changes can be found at:

Date: 2020-02-17 12:24:26.607500+00:00
Changed-By: Christian Ehrhardt  <christian.ehrhardt at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Eoan-changes mailing list