Marcus Rückert 2024-05-09 14:13:19 +00:00 committed by Git OBS Bridge
parent 76fc3dce47
commit 481e8e504e
6 changed files with 30 additions and 5 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a
size 21208935

View File

@ -1 +0,0 @@
4f9919725d941ce9868e07fe1ed1d3a86748599b483386547583928b74c3918a postgresql-12.18.tar.bz2

3
postgresql-12.19.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb
size 21218699

View File

@ -0,0 +1 @@
617e3de52c22e822f4f57d01d5b2240503e198a9eccaf598a851109bd18e6fbb postgresql-12.19.tar.bz2

View File

@ -1,3 +1,28 @@
-------------------------------------------------------------------
Thu May 9 14:09:31 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Upgrade to 12.19:
CVE-2024-4317: Restrict visibility of pg_stats_ext and
pg_stats_ext_exprs entries to the table owner
Missing authorization in PostgreSQL built-in views pg_stats_ext
and pg_stats_ext_exprs allows an unprivileged database user to
read most common values and other statistics from CREATE
STATISTICS commands of other users. The most common values may
reveal column values the eavesdropper could not otherwise read or
results of functions they cannot execute.
This fix only fixes fresh PostgreSQL installations, namely those
that are created with the initdb utility after this fix is
applied. If you have a current PostgreSQL installation and are
concerned about this issue, please follow the instructions in the
"Updating" section on this link:
https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/
The SQL file is in /usr/share/postgresql12/fix-CVE-2024-4317.sql
https://www.postgresql.org/docs/release/12.19/
-------------------------------------------------------------------
Wed May 1 15:24:39 UTC 2024 - Aaron Puchert <aaronpuchert@alice-dsl.net>

View File

@ -16,7 +16,7 @@
#
%define pgversion 12.18
%define pgversion 12.19
%define pgmajor 12
%define buildlibs 0
%define tarversion %{pgversion}