Package "libpq5"

  postgresql-14 (14.8-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * New upstream version (LP: #2019214).

    + A dump/restore is not required for those running 14.X.

    + Also, if you are upgrading from a version earlier than 14.4, see
      those release notes as well please.

    + Prevent CREATE SCHEMA from defeating changes in search_path
      (Alexander Lakhin)

      Within a CREATE SCHEMA command, objects in the prevailing
      search_path, as well as those in the newly-created schema, would be
      visible even within a called function or script that attempted to set
      a secure search_path. This could allow any user having permission to
      create a schema to hijack the privileges of a security definer
      function or extension script.
      (CVE-2023-2454)

    + Enforce row-level security policies correctly after inlining a
      set-returning function (Stephen Frost, Tom Lane)

      If a set-returning SQL-language function refers to a table having
      row-level security policies, and it can be inlined into a calling
      query, those RLS policies would not get enforced properly in some
      cases involving re-using a cached plan under a different role. This
      could allow a user to see or modify rows that should have been
      invisible.
      (CVE-2023-2455)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/14/release-14-8.html

 -- Athos Ribeiro <email address hidden> Tue, 16 May 2023 09:37:37 -0300

  postgresql-14 (14.7-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * New upstream version (LP: #2006406).

    + A dump/restore is not required for those running 14.X.

    + Also, if you are upgrading from a version earlier than 14.4, see
      those release notes as well please.

    + libpq can leak memory contents after GSSAPI transport encryption
      initiation fails (Jacob Champion).
      (CVE-2022-41862)

    + Fix calculation of which GENERATED columns need to be updated in
      child tables during an UPDATE on a partitioned table or inheritance
      tree (Amit Langote, Tom Lane).

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/14/release-14-7.html

 -- Sergio Durigan Junior <email address hidden> Thu, 09 Feb 2023 15:18:50 -0500

  postgresql-14 (14.6-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream version (LP: #1996770).

    + A dump/restore is not required for those running 14.X.

    + Also, if you are upgrading from a version earlier than 14.4, see
      those release notes as well please.

    + Disallow rules named _RETURN that are not ON SELECT rules (Tom Lane).

    + Fix use-after-free hazard in string comparisons. (Tom Lane)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/14/release-14-6.html

 -- Athos Ribeiro <email address hidden> Thu, 17 Nov 2022 17:11:29 -0300

  postgresql-14 (14.5-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * New upstream version (LP: #1984012).

    + A dump/restore is not required for those running 14.X.

    + Also, if you are upgrading from a version earlier than 14.4, see
      those release notes as well please.

    + Do not let extension scripts replace objects not already belonging
      to the extension (Tom Lane).
      (CVE-2022-2625)

    + Do not let extension scripts replace objects not already belonging
      to the extension (Tom Lane).

    + Fix permissions checks in CREATE INDEX (Nathan Bossart,
      Noah Misch).

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/14/release-14-5.html

 -- Sergio Durigan Junior <email address hidden> Mon, 08 Aug 2022 18:15:57 -0400

  postgresql-14 (14.4-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream version (LP: #1978249).

    + A dump/restore is not required for those running 14.X.

    + However, if you have any indexes that were created using the
      CONCURRENTLY option under 14.X, you should re-index them after
      updating. See the upstream changelog linked below for further
      information.

    + Also, if you are upgrading from a version earlier than 14.3, see
      those release notes as well please.

    + Prevent possible corruption of indexes created or rebuilt with the
      CONCURRENTLY option (Álvaro Herrera).

      An optimization added in v14 caused CREATE INDEX ... CONCURRENTLY
      and REINDEX ... CONCURRENTLY to sometimes miss indexing rows that were
      updated during the index build. Revert that optimization. It is
      recommended that any indexes made with the CONCURRENTLY option be
      rebuilt after installing this update. (Alternatively, rebuild them
      without CONCURRENTLY.)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/14/release-14-4.html

 -- Sergio Durigan Junior <email address hidden> Fri, 17 Jun 2022 12:00:44 -0400