[ubuntu/eoan-proposed] postgresql-11 11.5-1 (Accepted)

Gianfranco Costamagna costamagnagianfranco at yahoo.it
Thu Aug 8 17:15:29 UTC 2019 

postgresql-11 (11.5-1) unstable; urgency=medium

  * New upstream version.

    + Fixes regression in ALTER TABLE on multiple columns. (Closes: #932247)

    + No longer picks "UCT" as timezone spelling. (Closes: #929953)

    + Require schema qualification to cast to a temporary type when using
      functional cast syntax (Noah Misch)

      We have long required invocations of temporary functions to explicitly
      specify the temporary schema, that is pg_temp.func_name(args). Require
      this as well for casting to temporary types using functional notation,
      for example pg_temp.type_name(arg). Otherwise it's possible to capture a
      function call using a temporary object, allowing privilege escalation in
      much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208)

    + Fix execution of hashed subplans that require cross-type comparison
      (Tom Lane, Andreas Seltenreich)

      Hashed subplans used the outer query's original comparison operator to
      compare entries of the hash table.  This is the wrong thing if that
      operator is cross-type, since all the hash table entries will be of the
      subquery's output type.  For the set of hashable cross-type operators in
      core PostgreSQL, this mistake seems nearly harmless on 64-bit machines,
      but it can result in crashes or perhaps unauthorized disclosure of
      server memory on 32-bit machines.  Extensions might provide hashable
      cross-type operators that create larger risks. (CVE-2019-10209)

  * debian/pycompat: Obsolete, remove.
  * debian/patches: Add missing patch documentation.
  * debian/rules: Use /usr/share/dpkg/pkg-info.mk and vendor.mk for
    --with-extra-version.
  * debian/*.symbols: Add Build-Depends-Package information.
  * debian/tests: Also run regression tests.
  * debian/tests/control: Add fakeroot to dependencies.

Date: 2019-08-08 16:51:28.956308+00:00
Signed-By: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
https://launchpad.net/ubuntu/+source/postgresql-11/11.5-1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Eoan-changes mailing list