-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 18 Feb 2025 11:59:37 +0100 Source: postgresql-15 Binary: postgresql-doc-15 Architecture: all Version: 15.12-0+deb12u1 Distribution: bookworm Urgency: medium Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Christoph Berg Description: postgresql-doc-15 - documentation for the PostgreSQL database management system Changes: postgresql-15 (15.12-0+deb12u1) bookworm; urgency=medium . * New upstream version 15.12. . + Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane) . The changes made for CVE-2025-1094 had one serious oversight: PQescapeLiteral() and PQescapeIdentifier() failed to honor their string length parameter, instead always reading to the input string's trailing null. This resulted in including unwanted text in the output, if the caller intended to truncate the string via the length parameter. With very bad luck it could cause a crash due to reading off the end of memory. . In addition, modify all these quoting functions so that when invalid encoding is detected, an invalid sequence is substituted for just the first byte of the presumed character, not all of it. This reduces the risk of problems if a calling application performs additional processing on the quoted string. Checksums-Sha1: cd8cf929579806ca78d43561e5045fd35a6f1239 10425 postgresql-15_15.12-0+deb12u1_all-buildd.buildinfo 8dceec9ecf9ec45d53d331c2b55bdfb67176da92 2065492 postgresql-doc-15_15.12-0+deb12u1_all.deb Checksums-Sha256: 98b69db82255549f831f0bad44a81a1ee8814bceabcd402333068b283b681605 10425 postgresql-15_15.12-0+deb12u1_all-buildd.buildinfo 4c79e209cc2d8df6add2fa3458e865e356ec6471a737665b7cd079ba7b0164ef 2065492 postgresql-doc-15_15.12-0+deb12u1_all.deb Files: 20429ef59f72b35bd65fb74e64eb30b2 10425 database optional postgresql-15_15.12-0+deb12u1_all-buildd.buildinfo b34ef64904e888a2e6bf1a2fba58072f 2065492 doc optional postgresql-doc-15_15.12-0+deb12u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEQsM0t1ygJv2xcx3e4cagXJhOTXsFAmfDIBcACgkQ4cagXJhO TXsnAhAAvruLp+RAiWYrBhcO4Nvp2LSoG4HNR2CJeTIoAH2sfFIJuVhb0EaNPGQV +gfvuf1hxVIwjo1ElM5iGyGhDagmAdf164TGmSXBC+hVm+uJ6OK7er265rCkAMZe bJwdsBCRSyCvRGgd9FzbFcvAGZrpCL9RtuRt1UyqpJm5P+fr0BQzGUCWbEZYju61 +OrqaK39a/Rq9HAJVthCkQo14V3bVr8tlDt/h2T1gG0yK0X6E4ZpO4mdbitckSxK TaF7y3J1Ust0LsRZV/24ZxijFKymVFzqnkWU6JeCbScnFA677nD26UaT0dXh4qh9 arCOabnak/fV+EIDedwbj61uIjlU4LUlcK4DmNMI50+2ZZ7YCBaiS5/DzXZCCPAH EzLmpV4F6AmPp0x7tU9VsNL5UjaGLtzEt+jbwgmT2ID1d69jx8fqsPuWYMI67BqS cTTFiaxo5SqCfndlsyp58lfXTQQmu46mIB1VjSUCluqMGQDcK8DzIm+IHtxHFpRf sMBzWsyTzx/PpfvluvqBbJTr2HENHN39EQbPC5QJCMbjP1RiZQ2uHJe5zJ6tNG5P MQo+4O+BW9lGQD1QgqRvQtMT+9RCK8Vzjt2rX+3OypqMUiZDapj4oWyLcI9cPhPE w2Zo01bLfE+bPQNK0NKzuk82ekdut+3wt59TCyfbVJzgJYBSnoY= =yplT -----END PGP SIGNATURE-----