group.of.nepali.translators team mailing list archive

[Bug 1863108] Re: New upstream microreleases 9.5.21 10.12 11.7 and 12.2

 

This bug was fixed in the package postgresql-10 - 10.12-0ubuntu0.18.04.1

---------------
postgresql-10 (10.12-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * New upstream release (LP: #1863108)
    - A dump/restore is not required; however, if you use the contrib/intarray
      extension with a GiST index, and you rely on indexed searches for the <@
      operator, see the release notes for details in regard to a related fix.
    - Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION.
      Marking an object as dependent on an extension did not have any
      privilege check whatsoever.  This oversight allowed any user to mark
      routines, triggers, materialized views, or indexes as droppable by
      anyone able to drop an extension.  Require that the calling user own the
      specified object (and hence have privilege to drop it). (CVE-2020-1720)
    - Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/10/static/release-10-11.html
      https://www.postgresql.org/docs/10/static/release-10-12.html

 -- Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>  Thu, 13 Feb 2020 15:18:22 +0100

** Changed in: postgresql-10 (Ubuntu Bionic)
       Status: Triaged => Fix Released

** Changed in: postgresql-11 (Ubuntu Eoan)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1863108

Title:
  New upstream microreleases 9.5.21 10.12 11.7 and 12.2

Status in postgresql-9.5 source package in Xenial:
  Triaged
Status in postgresql-10 source package in Bionic:
  Fix Released
Status in postgresql-11 source package in Eoan:
  Fix Released
Status in postgresql-12 source package in Focal:
  In Progress

Bug description:
  [Impact]

   * MRE for latest stable fixes of Postgres release on Feb 13th.

  [Test Case]

   * The Postgres MREs traditionally rely on the large set of autopkgtests
     to run for verification. In a PPA those are all already pre-checked to
     be good for this upload.

  [Regression Potential]

   * Upstream's tests are usually great and in addition in the Archive there
     are plenty of autopkgtests that in the past caught issues before being
     released.
     But nevertheless there always is a risk for something to break. Since
     these are general stable releases I can't pinpoint them to a most-likely
     area.
     - usually this works smoothly except a few test hiccups (flaky) that need to be
       clarified to be sure. Pre-checks will catch those to be discussed upfront (as last time)

  [Other Info]

   * This is a reoccurring MRE, see below and all the references
   * This includes a fix for CVE: CVE-2020-1720 (Affects 9.6-12, so all but xenial)

  ---

  Current versions in supported releases:
   postgresql-9.5 | 9.5.19-0ubuntu0.16.04 xenial
   postgresql-10 | 10.10-0ubuntu0.18.04.1 bionic
   postgresql-11 | 11.5-1eoan
   postgresql-12 | 12.1-2build1 focal

  Special cases:
  - Focal will as usual be synced from Debian.
     I already see https://buildd.debian.org/status/fetch.php?pkg=postgresql-12&arch=s390x&ver=12.2-1&stamp=1581600108&raw=0

  Last relevant related stable updates: 9.5.21, 10.12, 11.5 and 12.2
  You'll see that the last update was missed, so I'll combine them.

  Standing MRE - Consider last updates as template:
  - pad.lv/1637236
  - pad.lv/1664478
  - pad.lv/1690730
  - pad.lv/1713979
  - pad.lv/1730661
  - pad.lv/1747676
  - pad.lv/1752271
  - pad.lv/1786938
  - pad.lv/1815665
  - pad.lv/1828012
  - pad.lv/1833211
  - pad.lv/1839058

  As usual we test and prep from the PPA and then push through
  SRU/Security as applicable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/xenial/+source/postgresql-9.5/+bug/1863108/+subscriptions

