File _patchinfo of Package patchinfo.28971

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.28971

<patchinfo incident="28971">
  <issue tracker="bnc" id="1210303">Removal of %_restart_on_update breaks several packages</issue>
  <issue tracker="bnc" id="1211228">VUL-0: EMBARGOED: CVE-2023-2454: postgresql: Prevent CREATE SCHEMA from defeating changes in search_path</issue>
  <issue tracker="bnc" id="1211229">VUL-0: EMBARGOED: CVE-2023-2455: postgresql: Enforce row-level security policies correctly after inlining a set-returning function</issue>
  <issue tracker="cve" id="2023-2455"/>
  <issue tracker="cve" id="2023-2454"/>
  <packager>rmax</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for postgresql14</summary>
  <description>This update for postgresql14 fixes the following issues:

Updated to version 14.8:
  - CVE-2023-2454: Fixed an issue where a user having permission to
    create a schema could hijack the privileges of a security definer
    function or extension script (bsc#1211228).
  - CVE-2023-2455: Fixed an issue that could allow a user to see or
    modify rows that should have been invisible (bsc#1211229).
  - Internal fixes (bsc#1210303).
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.28971

Places