| From: | Christoph Berg <myon(at)debian(dot)org> |
|---|---|
| To: | Moritz Mühlenhoff <jmm(at)inutil(dot)org> |
| Cc: | Debian Security Team <team(at)security(dot)debian(dot)org>, PostgreSQL in Debian <pgsql-pkg-debian(at)lists(dot)postgresql(dot)org> |
| Subject: | postgresql-15 (15.10-0+deb12u1) and a fix for CVE-2024-10978 |
| Date: | 2024-11-21 11:51:30 |
| Message-ID: | Zz8ewkTOHug5VdcT@msg.df7cb.de |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-pkg-debian |
Re: Moritz Mühlenhoff
> Ok, no problem. We'll release that revised update via bookworm-security
> as well, then.
Hi,
new PG15 uploaded:
postgresql-15 (15.10-0+deb12u1) bookworm-security; urgency=medium
* New upstream version 15.10.
+ Repair ABI break for extensions that work with struct ResultRelInfo
Last week's minor releases unintentionally broke binary compatibility
with timescaledb and several other extensions. Restore the affected
structure to its previous size, so that such extensions need not be
rebuilt.
+ Restore functionality of ALTER {ROLE|DATABASE} SET role
The fix for CVE-2024-10978 accidentally caused settings for role to not
be applied if they come from non-interactive sources, including previous
ALTER {ROLE|DATABASE} commands and the PGOPTIONS environment variable.
-- Christoph Berg <myon(at)debian(dot)org> Tue, 19 Nov 2024 15:36:12 +0100
Christoph
| From | Date | Subject | |
|---|---|---|---|
| Next Message | apt.postgresql.org Repository Update | 2024-11-21 12:49:11 | powa-web updated to version 5.0.0-1.pgdg+1 |
| Previous Message | apt.postgresql.org Repository Update | 2024-11-19 17:02:04 | powa-collector updated to version 1.3.0-1.pgdg+1 |