group.of.nepali.translators team mailing list archive
Message #34496
[Bug 1863108] Re: New upstream microreleases 9.5.21 10.12 11.7 and 12.2
This bug was fixed in the package postgresql-10 - 10.12-0ubuntu0.18.04.1
---------------
postgresql-10 (10.12-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * New upstream release (LP: #1863108)
    - A dump/restore is not required however, if you use the contrib/intarray
      extension with a GiST index, and you rely on indexed searches for the <@
      operator, see the release notes for details in regard to a related fix.
    - Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION.
      Marking an object as dependent on an extension did not have any
      privilege check whatsoever. This oversight allowed any user to mark
      routines, triggers, materialized views, or indexes as droppable by
      anyone able to drop an extension. Require that the calling user own the
      specified object (and hence have privilege to drop it). (CVE-2020-1720)
    - Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/10/static/release-10-11.html
      https://www.postgresql.org/docs/10/static/release-10-12.html

 -- Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>  Thu, 13 Feb 2020 15:18:22 +0100
** Changed in: postgresql-10 (Ubuntu Bionic)
Status: Triaged => Fix Released
** Changed in: postgresql-11 (Ubuntu Eoan)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1863108
Title:
New upstream microreleases 9.5.21 10.12 11.7 and 12.2
Status in postgresql-9.5 source package in Xenial:
Triaged
Status in postgresql-10 source package in Bionic:
Fix Released
Status in postgresql-11 source package in Eoan:
Fix Released
Status in postgresql-12 source package in Focal:
In Progress
Bug description:
[Impact]
* MRE for latest stable fixes of Postgres release on Feb 13th.
[Test Case]
* The Postgres MREs traditionally rely on the large set of autopkgtests
to run for verification. In a PPA those are all already pre-checked to
be good for this upload.
[Regression Potential]
* Upstream's tests are usually great and in addition in the Archive there
are plenty of autopkgtests that in the past caught issues before being
released.
But nevertheless there always is a risk for something to break. Since
these are general stable releases I can't pinpoint them to a most-likely
area.
- usually this works smoothly except a few test hiccups (flaky) that need to be
clarified to be sure. Pre-checks will catch those to be discussed upfront (as last time)
[Other Info]
* This is a reoccurring MRE, see below and all the references
* This includes a fix for CVE: CVE-2020-1720 (Affects 9.6-12, so all but xenial)
---
Current versions in supported releases:
postgresql-9.5 | 9.5.19-0ubuntu0.16.04 xenial
postgresql-10 | 10.10-0ubuntu0.18.04.1 bionic
postgresql-11 | 11.5-1eoan
postgresql-12 | 12.1-2build1 focal
Special cases:
- Focal will as usual be synced from Debian.
I already see https://buildd.debian.org/status/fetch.php?pkg=postgresql-12&arch=s390x&ver=12.2-1&stamp=1581600108&raw=0
Last relevant related stable updates: 9.5.21, 10.12, 11.5 and 12.2
You'll see that the last update was missed, so I'll combine them.
Standing MRE - Consider last updates as template:
- pad.lv/1637236
- pad.lv/1664478
- pad.lv/1690730
- pad.lv/1713979
- pad.lv/1730661
- pad.lv/1747676
- pad.lv/1752271
- pad.lv/1786938
- pad.lv/1815665
- pad.lv/1828012
- pad.lv/1833211
- pad.lv/1839058
As usual we test and prep from the PPA and then push through
SRU/Security as applicable.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/xenial/+source/postgresql-9.5/+bug/1863108/+subscriptions