CVE-2024-4317
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql13?expand=0&rev=86
This commit is contained in:
parent
5711f8ba9d
commit
6c6602560a
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed
|
||||
size 21584146
|
@ -1 +0,0 @@
|
||||
b8df078551898960bd500dc5d38a177e9905376df81fe7f2b660a1407fa6a5ed postgresql-13.14.tar.bz2
|
3
postgresql-13.15.tar.bz2
Normal file
3
postgresql-13.15.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925
|
||||
size 21597871
|
1
postgresql-13.15.tar.bz2.sha256
Normal file
1
postgresql-13.15.tar.bz2.sha256
Normal file
@ -0,0 +1 @@
|
||||
42edd415446d33b8c242be76d1ad057531b2264b2e86939339b7075c6e4ec925 postgresql-13.15.tar.bz2
|
@ -1,3 +1,28 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu May 9 14:08:06 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
|
||||
|
||||
- Upgrade to 13.15:
|
||||
CVE-2024-4317: Restrict visibility of pg_stats_ext and
|
||||
pg_stats_ext_exprs entries to the table owner
|
||||
|
||||
Missing authorization in PostgreSQL built-in views pg_stats_ext
|
||||
and pg_stats_ext_exprs allows an unprivileged database user to
|
||||
read most common values and other statistics from CREATE
|
||||
STATISTICS commands of other users. The most common values may
|
||||
reveal column values the eavesdropper could not otherwise read or
|
||||
results of functions they cannot execute.
|
||||
|
||||
This fix only fixes fresh PostgreSQL installations, namely those
|
||||
that are created with the initdb utility after this fix is
|
||||
applied. If you have a current PostgreSQL installation and are
|
||||
concerned about this issue, please follow the instructions in the
|
||||
"Updating" section on this link:
|
||||
https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/
|
||||
|
||||
The SQL file is in /usr/share/postgresql13/fix-CVE-2024-4317.sql
|
||||
|
||||
https://www.postgresql.org/docs/release/13.15/
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 1 15:24:39 UTC 2024 - Aaron Puchert <aaronpuchert@alice-dsl.net>
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
||||
#
|
||||
|
||||
|
||||
%define pgversion 13.14
|
||||
%define pgversion 13.15
|
||||
%define pgmajor 13
|
||||
%define buildlibs 0
|
||||
%define tarversion %{pgversion}
|
||||
|
Loading…
Reference in New Issue
Block a user