[ubuntu/lunar-security] postgresql-15 15.3-0ubuntu0.23.04.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed May 24 14:05:10 UTC 2023

postgresql-15 (15.3-0ubuntu0.23.04.1) lunar-security; urgency=medium

  * New upstream version (LP: #2019214).

    + A dump/restore is not required for those running 15.X.

    + Also, if you are upgrading from a version earlier than 15.1, see
      those release notes as well please.

    + Prevent CREATE SCHEMA from defeating changes in search_path
      (Alexander Lakhin)

      Within a CREATE SCHEMA command, objects in the prevailing
      search_path, as well as those in the newly-created schema, would be
      visible even within a called function or script that attempted to set
      a secure search_path. This could allow any user having permission to
      create a schema to hijack the privileges of a security definer
      function or extension script.

    + Enforce row-level security policies correctly after inlining a
      set-returning function (Stephen Frost, Tom Lane)

      If a set-returning SQL-language function refers to a table having
      row-level security policies, and it can be inlined into a calling
      query, those RLS policies would not get enforced properly in some
      cases involving re-using a cached plan under a different role. This
      could allow a user to see or modify rows that should have been

    + Details about these and many further changes can be found at:

Date: 2023-05-23 15:14:08.387070+00:00
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the lunar-changes mailing list