Marcus Rückert 2024-05-09 14:13:25 +00:00 committed by Git OBS Bridge
parent 5711f8ba9d
commit 6c6602560a
6 changed files with 30 additions and 5 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed
size 21584146

View File

@ -1 +0,0 @@
b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed postgresql-13.14.tar.bz2

3
postgresql-13.15.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925
size 21597871

View File

@ -0,0 +1 @@
42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 postgresql-13.15.tar.bz2

View File

@ -1,3 +1,28 @@
-------------------------------------------------------------------
Thu May 9 14:08:06 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Upgrade to 13.15:
CVE-2024-4317: Restrict visibility of pg_stats_ext and
pg_stats_ext_exprs entries to the table owner
Missing authorization in PostgreSQL built-in views pg_stats_ext
and pg_stats_ext_exprs allows an unprivileged database user to
read most common values and other statistics from CREATE
STATISTICS commands of other users. The most common values may
reveal column values the eavesdropper could not otherwise read or
results of functions they cannot execute.
This fix only fixes fresh PostgreSQL installations, namely those
that are created with the initdb utility after this fix is
applied. If you have a current PostgreSQL installation and are
concerned about this issue, please follow the instructions in the
"Updating" section on this link:
https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/
The SQL file is in /usr/share/postgresql13/fix-CVE-2024-4317.sql
https://www.postgresql.org/docs/release/13.15/
-------------------------------------------------------------------
Wed May 1 15:24:39 UTC 2024 - Aaron Puchert <aaronpuchert@alice-dsl.net>

View File

@ -16,7 +16,7 @@
#
%define pgversion 13.14
%define pgversion 13.15
%define pgmajor 13
%define buildlibs 0
%define tarversion %{pgversion}