[ubuntu/eoan-updates] postgresql-11 11.7-0ubuntu0.19.10.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Feb 18 13:28:50 UTC 2020


postgresql-11 (11.7-0ubuntu0.19.10.1) eoan-security; urgency=medium

  * New upstream release (LP: #1863108)
    - A dump/restore is not required however, if you use the contrib/intarray
      extension with a GiST index, and you rely on indexed searches for the <@
      operator, see the release notes for details in regard to a related fix.
    - Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION.
      Marking an object as dependent on an extension did not have any
      privilege check whatsoever.  This oversight allowed any user to mark
      routines, triggers, materialized views, or indexes as droppable by
      anyone able to drop an extension.  Require that the calling user own the
      specified object (and hence have privilege to drop it). (CVE-2020-1720)
    - Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/11/static/release-11-6.html
      https://www.postgresql.org/docs/11/static/release-11-7.html

Date: 2020-02-17 12:24:26.607500+00:00
Changed-By: Christian Ehrhardt  <christian.ehrhardt at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/postgresql-11/11.7-0ubuntu0.19.10.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Eoan-changes mailing list