pool/postgresql15
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CVE-2024-4317

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql15?expand=0&rev=49
This commit is contained in:
Marcus Rückert 2024-05-09 14:13:39 +00:00 committed by Git OBS Bridge
parent c12dcc4d42
commit 227dfddf97
6 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
postgresql-15.6.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb
size 23093967

1
postgresql-15.6.tar.bz2.sha256
View File

@ -1 +0,0 @@
8455146ed9c69c93a57de954aead0302cafad035c2b242175d6aa1e17ebcb2fb postgresql-15.6.tar.bz2

3
postgresql-15.7.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7
size 23112318

1
postgresql-15.7.tar.bz2.sha256 Normal file
View File

@ -0,0 +1 @@
a46fe49485ab6385e39dabbbb654f5d3049206f76cd695e224268729520998f7 postgresql-15.7.tar.bz2

25
postgresql15.changes
View File

@ -1,3 +1,28 @@
-------------------------------------------------------------------
Thu May 9 14:06:24 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Upgrade to 15.7:
CVE-2024-4317: Restrict visibility of pg_stats_ext and
pg_stats_ext_exprs entries to the table owner
Missing authorization in PostgreSQL built-in views pg_stats_ext
and pg_stats_ext_exprs allows an unprivileged database user to
read most common values and other statistics from CREATE
STATISTICS commands of other users. The most common values may
reveal column values the eavesdropper could not otherwise read or
results of functions they cannot execute.
This fix only fixes fresh PostgreSQL installations, namely those
that are created with the initdb utility after this fix is
applied. If you have a current PostgreSQL installation and are
concerned about this issue, please follow the instructions in the
"Updating" section on this link:
https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/
The SQL file is in /usr/share/postgresql15/fix-CVE-2024-4317.sql
https://www.postgresql.org/docs/release/15.7/
-------------------------------------------------------------------
Wed May 1 15:24:39 UTC 2024 - Aaron Puchert <aaronpuchert@alice-dsl.net>

2
postgresql15.spec
View File

@ -16,7 +16,7 @@
#
%define pgversion 15.6
%define pgversion 15.7
%define pgmajor 15
%define buildlibs 0
%define tarversion %{pgversion}