Format: 1.8
Date: Thu, 20 Aug 2020 11:29:14 +0200
Source: postgresql-12
Binary: libecpg-compat3 libecpg-dev libecpg6 libpgtypes3 libpq-dev libpq5 postgresql-12 postgresql-client-12 postgresql-plperl-12 postgresql-plpython3-12 postgresql-pltcl-12 postgresql-server-dev-12
Architecture: ppc64el ppc64el_translations
Version: 12.4-0ubuntu0.20.04.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Christian Ehrhardt
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 12
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-12 - object-relational SQL database, version 12 server
 postgresql-client-12 - front-end programs for PostgreSQL 12
 postgresql-plperl-12 - PL/Perl procedural language for PostgreSQL 12
 postgresql-plpython3-12 - PL/Python 3 procedural language for PostgreSQL 12
 postgresql-pltcl-12 - PL/Tcl procedural language for PostgreSQL 12
 postgresql-server-dev-12 - development files for PostgreSQL 12 server-side programming
Launchpad-Bugs-Fixed: 1892335
Changes:
 postgresql-12 (12.4-0ubuntu0.20.04.1) focal-security; urgency=medium
 .
   * New upstream release (LP: #1892335).
     - Set a secure search_path in logical replication walsenders and apply
       workers (Noah Misch)
 .
       A malicious user of either the publisher or subscriber database could
       potentially cause execution of arbitrary SQL code by the role running
       replication, which is often a superuser. Some of the risks here are
       equivalent to those described in CVE-2018-1058, and are mitigated in
       this patch by ensuring that the replication sender and receiver execute
       with empty search_path settings. (As with CVE-2018-1058, that change
       might cause problems for under-qualified names used in replicated
       tables' DDL.) Other risks are inherent in replicating objects that
       belong to untrusted roles; the most we can do is document that there is
       a hazard to consider.
       CVE-2020-14349
 .
     - Make contrib modules' installation scripts more secure (Tom Lane)
 .
       Attacks similar to those described in CVE-2018-1058 could be carried
       out against an extension installation script, if the attacker can
       create objects in either the extension's target schema or the schema of
       some prerequisite extension. Since extensions often require superuser
       privilege to install, this can open a path to obtaining superuser
       privilege. To mitigate this risk, be more careful about the search_path
       used to run an installation script; disable check_function_bodies
       within the script; and fix catalog-adjustment queries used in some
       contrib modules to ensure they are secure. Also provide documentation
       to help third-party extension authors make their installation scripts
       secure. This is not a complete solution; extensions that depend on
       other extensions can still be at risk if installed carelessly.
       CVE-2020-14350
 .
     - Details about these and many further changes can be found at:
       https://www.postgresql.org/docs/10/static/release-12-3.html
       https://www.postgresql.org/docs/10/static/release-12-4.htm
Original-Maintainer: Debian PostgreSQL Maintainers