public inbox for [email protected]
help / color / mirror / Atom feedFrom: apt.postgresql.org Repository Update <[email protected]>
To: PostgreSQL on Debian and Ubuntu <[email protected]>
Subject: postgresql-16 updated to version 16.10-1.pgdg+1
Date: Thu, 14 Aug 2025 14:15:27 +0000
Message-ID: <[email protected]> (raw)
The package postgresql-16 was updated on apt.postgresql.org.
apt-listchanges: Changelogs
---------------------------
postgresql-16 (16.10-1.pgdg+1) sid-pgdg; urgency=medium
* Rebuild for sid-pgdg.
* Changes applied by generate-pgdg-source:
+ Moving lib packages to component 16.
+ Enabling cassert.
-- PostgreSQL on Debian and Ubuntu <[email protected]> Tue, 08 Jul 2025 12:41:09 +0200
postgresql-16 (16.10-1) unstable; urgency=medium
* New upstream version 16.10.
+ Tighten security checks in planner estimation functions (Dean Rasheed)
The fix for CVE-2017-7484, plus followup fixes, intended to prevent
leaky functions from being applied to statistics data for columns that
the calling user does not have permission to read. Two gaps in that
protection have been found. One gap applies to partitioning and
inheritance hierarchies where RLS policies on the tables should restrict
access to statistics data, but did not.
The other gap applies to cases where the query accesses a table via a
view, and the view owner has permissions to read the underlying table
but the calling user does not have permissions on the view. The view
owner's permissions satisfied the security checks, and the leaky
function would get applied to the underlying table's statistics before
we check the calling user's permissions on the view. This has been
fixed by making security checks on views occur at the start of planning.
That might cause permissions failures to occur earlier than before.
The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
(CVE-2025-8713)
+ Prevent pg_dump scripts from being used to attack the user running the
restore (Nathan Bossart)
Since dump/restore operations typically involve running SQL commands as
superuser, the target database installation must trust the source
server. However, it does not follow that the operating system user who
executes psql to perform the restore should have to trust the source
server. The risk here is that an attacker who has gained
superuser-level control over the source server might be able to cause it
to emit text that would be interpreted as psql meta-commands. That would
provide shell-level access to the restoring user's own account,
independently of access to the target database.
To provide a positive guarantee that this can't happen, extend psql with
a
estrict command that prevents execution of further meta-commands,
and teach pg_dump to issue that before any data coming from the source
server.
The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
RyotaK for reporting this problem. (CVE-2025-8714)
+ Convert newlines to spaces in names included in comments in pg_dump
output (Noah Misch)
Object names containing newlines offered the ability to inject arbitrary
SQL commands into the output script. (Without the preceding fix,
injection of psql meta-commands would also be possible this way.)
CVE-2012-0868 fixed this class of problem at the time, but later work
reintroduced several cases.
The PostgreSQL Project thanks Noah Misch for reporting this problem.
(CVE-2025-8715)
* Drop obsolete patches:
+ hurd-iovec: implemented upstream
+ focal-arm64-outline-atomics: focal is EOL
+ jit-s390x, pgstat-report-conflicts-immediately.patch
v8-0001-Fix-recovery-conflict-SIGUSR1-handling.patch: s390x workarounds
-- Christoph Berg <[email protected]> Tue, 08 Jul 2025 12:41:09 +0200
New version 16.10-1.pgdg+1:
postgresql-16 | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el, source
postgresql-16 | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el, source
postgresql-16 | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el, source
postgresql-16 | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el, source
postgresql-16 | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64, source
postgresql-16 | 16.9-1.pgdg110+1 | bullseye-pgdg | ppc64el
postgresql-16 | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64, source
postgresql-16 | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el, source
postgresql-16 | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el, source
postgresql-16-dbgsym | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
postgresql-16-dbgsym | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
postgresql-16-dbgsym | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
postgresql-16-dbgsym | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
postgresql-16-dbgsym | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64
postgresql-16-dbgsym | 16.9-1.pgdg110+1 | bullseye-pgdg | ppc64el
postgresql-16-dbgsym | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64
postgresql-16-dbgsym | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
postgresql-16-dbgsym | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
postgresql-client-16 | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
postgresql-client-16 | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
postgresql-client-16 | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
postgresql-client-16 | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
postgresql-client-16 | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64
postgresql-client-16 | 16.9-1.pgdg110+1 | bullseye-pgdg | ppc64el
postgresql-client-16 | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64
postgresql-client-16 | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
postgresql-client-16 | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
postgresql-client-16-dbgsym | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
postgresql-client-16-dbgsym | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
postgresql-client-16-dbgsym | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
postgresql-client-16-dbgsym | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
postgresql-client-16-dbgsym | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64
postgresql-client-16-dbgsym | 16.9-1.pgdg110+1 | bullseye-pgdg | ppc64el
postgresql-client-16-dbgsym | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64
postgresql-client-16-dbgsym | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
postgresql-client-16-dbgsym | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
postgresql-doc-16 | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
postgresql-doc-16 | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
postgresql-doc-16 | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
postgresql-doc-16 | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
postgresql-doc-16 | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64, ppc64el
postgresql-doc-16 | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64
postgresql-doc-16 | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
postgresql-doc-16 | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16 | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16 | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16 | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16 | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16 | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64
postgresql-plperl-16 | 16.9-1.pgdg110+1 | bullseye-pgdg | ppc64el
postgresql-plperl-16 | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64
postgresql-plperl-16 | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16 | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16-dbgsym | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16-dbgsym | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16-dbgsym | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16-dbgsym | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16-dbgsym | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64
postgresql-plperl-16-dbgsym | 16.9-1.pgdg110+1 | bullseye-pgdg | ppc64el
postgresql-plperl-16-dbgsym | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64
postgresql-plperl-16-dbgsym | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
postgresql-plperl-16-dbgsym | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16 | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16 | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16 | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16 | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16 | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64
postgresql-plpython3-16 | 16.9-1.pgdg110+1 | bullseye-pgdg | ppc64el
postgresql-plpython3-16 | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64
postgresql-plpython3-16 | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16 | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16-dbgsym | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16-dbgsym | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16-dbgsym | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16-dbgsym | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16-dbgsym | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64
postgresql-plpython3-16-dbgsym | 16.9-1.pgdg110+1 | bullseye-pgdg | ppc64el
postgresql-plpython3-16-dbgsym | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64
postgresql-plpython3-16-dbgsym | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
postgresql-plpython3-16-dbgsym | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16 | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16 | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16 | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16 | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16 | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64
postgresql-pltcl-16 | 16.9-1.pgdg110+1 | bullseye-pgdg | ppc64el
postgresql-pltcl-16 | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64
postgresql-pltcl-16 | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16 | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16-dbgsym | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16-dbgsym | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16-dbgsym | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16-dbgsym | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16-dbgsym | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64
postgresql-pltcl-16-dbgsym | 16.9-1.pgdg110+1 | bullseye-pgdg | ppc64el
postgresql-pltcl-16-dbgsym | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64
postgresql-pltcl-16-dbgsym | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
postgresql-pltcl-16-dbgsym | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
postgresql-server-dev-16 | 16.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el
postgresql-server-dev-16 | 16.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el
postgresql-server-dev-16 | 16.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el
postgresql-server-dev-16 | 16.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el
postgresql-server-dev-16 | 16.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64
postgresql-server-dev-16 | 16.9-1.pgdg110+1 | bullseye-pgdg | ppc64el
postgresql-server-dev-16 | 16.10-1.pgdg25.04+1 | plucky-pgdg | amd64
postgresql-server-dev-16 | 16.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el
postgresql-server-dev-16 | 16.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el
The public mirrors serving apt.postgresql.org are synced hourly,
the updated packages will be available there shortly.
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: postgresql-16 updated to version 16.10-1.pgdg+1
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox