group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1915254] Re: New upstream microreleases 9.5.25 10.16 12.6 13.2

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1915254@xxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Feb 2021 11:56:31 -0000
Reply-to: Bug 1915254 <1915254@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package postgresql-12 - 12.6-0ubuntu0.20.10.1

---------------
postgresql-12 (12.6-0ubuntu0.20.10.1) groovy-security; urgency=medium

  * New upstream version (LP: #1915254)
    + Fix incorrect detection of concurrent page splits while inserting
      into a GiST index (Heikki Linnakangas)

      Concurrent insertions could lead to a corrupt index with entries
      placed in the wrong pages.  It's recommended to reindex any GiST
      index that's been subject to concurrent insertions.

    + Fix CREATE INDEX CONCURRENTLY to wait for concurrent prepared
      transactions (Andrey Borodin)

      At the point where CREATE INDEX CONCURRENTLY waits for all concurrent
      transactions to complete so that it can see rows they inserted, it
      must also wait for all prepared transactions to complete, for the
      same reason.  Its failure to do so meant that rows inserted by
      prepared transactions might be omitted from the new index, causing
      queries relying on the index to miss such rows. In installations that
      have enabled prepared transactions (max_prepared_transactions > 0),
      it's recommended to reindex any concurrently-built indexes in case
      this problem occurred when they were built.

    + Fix information leakage in constraint-violation error messages
      (Heikki Linnakangas)

      If an UPDATE command attempts to move a row to a different partition
      but finds that it violates some constraint on the new partition, and
      the columns in that partition are in different physical positions
      than in the parent table, the error message could reveal the contents
      of columns that the user does not have SELECT privilege on.
      (CVE-2021-3393)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/10/static/release-12-6.html

 -- Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>  Wed, 10 Feb
2021 11:47:33 +0100

** Changed in: postgresql-12 (Ubuntu Groovy)
       Status: Triaged => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3393

** Changed in: postgresql-12 (Ubuntu Focal)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1915254

Title:
  New upstream microreleases 9.5.25 10.16 12.6 13.2

Status in postgresql-9.5 source package in Xenial:
  Triaged
Status in postgresql-10 source package in Bionic:
  Triaged
Status in postgresql-12 source package in Focal:
  Fix Released
Status in postgresql-12 source package in Groovy:
  Fix Released
Status in postgresql-13 source package in Hirsute:
  Incomplete

Bug description:
  [Impact]

   * MRE for latest stable fixes of Postgres released on February 11th

  [Test Case]

   * The Postgres MREs traditionally rely on the large set of autopkgtests
     to run for verification. In a PPA those are all already pre-checked to
     be good for this upload.

  [Regression Potential]

   * Upstreams tests are usually great and in additon in the Archive there
     are plenty of autopkgtests that in the past catched issues before being
     released.
     But never the less there always is a risk for something to break. Since
     these are general stable releases I can't pinpoint them to a most-likely
     area.
     - usually this works smoothly except a few test hickups (flaky) that need to be
       clarified to be sure. Pre-checks will catch those to be discussed upfront (as last time)

  [Other Info]

   * This is a reoccurring MRE, see below and all the references
   * This includes a fix for one CVE:
      CVE-2021-3393 - only v12 for on Focal/Groovy

  ---

  Current versions in supported releases:
   postgresql-12 | 12.5-0ubuntu0.20.10.1 | groovy-security | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
   postgresql-12 | 12.5-0ubuntu0.20.04.1 | focal-security  | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
   postgresql-10 | 10.15-0ubuntu0.18.04.1 | bionic-security | source, amd64, arm64, armhf, i386, ppc64el, s390x
   postgresql-9.5 | 9.5.24-0ubuntu0.16.04.1 | xenial-security | source, amd64, arm64, armhf, i386, powerpc, ppc64el, s390x

  Special cases:
  - Hirsute will as usual be synced from Debian.
   Currently on 13.1 still
   postgresql-13 | 13.1-1build1 | hirsute | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x

  Standing MRE - Consider last updates as template:
  - pad.lv/1637236
  - pad.lv/1664478
  - pad.lv/1690730
  - pad.lv/1713979
  - pad.lv/1730661
  - pad.lv/1747676
  - pad.lv/1752271
  - pad.lv/1786938
  - pad.lv/1815665
  - pad.lv/1828012
  - pad.lv/1833211
  - pad.lv/1839058
  - pad.lv/1863108
  - pad.lv/1892335

  As usual we test and prep from the PPA and then push through
  SRU/Security as applicable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/xenial/+source/postgresql-9.5/+bug/1915254/+subscriptions