Date: Thu, 21 Nov 2024 12:51:30 +0100
From: Christoph Berg
To: Moritz Mühlenhoff
Cc: Debian Security Team, PostgreSQL in Debian
Subject: postgresql-15 (15.10-0+deb12u1) and a fix for CVE-2024-10978

Re: Moritz Mühlenhoff
> Ok, no problem. We'll release that revised update via bookworm-security
> as well, then.

Hi,

new PG15 uploaded:

postgresql-15 (15.10-0+deb12u1) bookworm-security; urgency=medium

  * New upstream version 15.10.

    + Repair ABI break for extensions that work with struct ResultRelInfo

      Last week's minor releases unintentionally broke binary compatibility
      with timescaledb and several other extensions. Restore the affected
      structure to its previous size, so that such extensions need not be
      rebuilt.

    + Restore functionality of ALTER {ROLE|DATABASE} SET role

      The fix for CVE-2024-10978 accidentally caused settings for role to
      not be applied if they come from non-interactive sources, including
      previous ALTER {ROLE|DATABASE} commands and the PGOPTIONS environment
      variable.

 -- Christoph Berg  Tue, 19 Nov 2024 15:36:12 +0100

Christoph