Latest Changelogs for all releases
Note: Only updates for "head" packages where the changelog is available are shown on this page.
postgresql-15 | May 30th 15:07 | ||
---|---|---|---|
Release: mantic | Repo: universe | Level: updates | New version: 15.7-0ubuntu0.23.10.1 |
Packages in group: | postgresql-server-dev-15 | ||
postgresql-15 (15.7-0ubuntu0.23.10.1) mantic-security; urgency=medium * New upstream version (LP: #2067388). + A dump/restore is not required for those running 15.X. + However, a security vulnerability was found in the system views
+ Also, if you are upgrading from a version earlier than 15.6, see
+ Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries
These views failed to hide statistics for expressions that involve
The PostgreSQL Project thanks Lukas Fittl for reporting this
By itself, this fix will only fix the behavior in newly initdb'd
- In each database of the cluster, run the
\i /usr/share/postgresql/15/fix-CVE-2024-4317.sql It will not hurt to run the script more than once. - Do not forget to include the template0 and template1 databases,
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0, undo it with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; (CVE-2024-4317) + Details about these and many further changes can be found at:
* d/postgresql-15.NEWS: Update. -- Sergio Durigan Junior <email address hidden> Tue, 28 May 2024 10:27:51 -0400 |
|||
2067388 | New upstream microreleases 12.19, 14.12, 15.7 and 16.3 | ||
CVE-2024-4317 | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value |
ffmpeg | May 30th 15:07 | ||
---|---|---|---|
Release: mantic | Repo: universe | Level: security | New version: 7:6.0-6ubuntu1.1 |
Packages in group: | ffmpeg-doc libavcodec60 libavcodec-dev libavcodec-extra libavcodec-extra60 libavdevice60 libavdevice-dev libavfilter9 libavfilter-dev libavfilter-extra libavfilter-extra9 (... see all) | ||
ffmpeg (7:6.0-6ubuntu1.1) mantic-security; urgency=medium * SECURITY UPDATE: buffer overflow
-- Allen Huang <email address hidden> Tue, 28 May 2024 22:52:48 +0100 |
|||
CVE-2023-49502 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c functi | ||
CVE-2023-49528 | Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service ( | ||
CVE-2023-50007 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_samples_set_silence function | ||
CVE-2023-50008 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavuti | ||
CVE-2023-50009 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_gaussian_blur_8 function in | ||
python-pymysql | May 30th 15:07 | ||
---|---|---|---|
Release: mantic | Repo: main | Level: updates | New version: 1.0.2-1ubuntu1.23.10.1 |
Packages in group: | python3-pymysql python-pymysql-doc | ||
python-pymysql (1.0.2-1ubuntu1.23.10.1) mantic-security; urgency=medium * SECURITY UPDATE: SQL injection via untrusted JSON input
-- Marc Deslauriers <email address hidden> Tue, 28 May 2024 13:33:51 -0400 |
|||
CVE-2024-36039 | PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. |
postgresql-15 | May 30th 15:07 | ||
---|---|---|---|
Release: mantic | Repo: main | Level: updates | New version: 15.7-0ubuntu0.23.10.1 |
Packages in group: | libecpg6 libecpg-compat3 libecpg-dev libpgtypes3 libpq5 libpq-dev postgresql-client-15 postgresql-doc-15 postgresql-plperl-15 postgresql-plpython3-15 postgresql-pltcl-15 (... see all) | ||
postgresql-15 (15.7-0ubuntu0.23.10.1) mantic-security; urgency=medium * New upstream version (LP: #2067388). + A dump/restore is not required for those running 15.X. + However, a security vulnerability was found in the system views
+ Also, if you are upgrading from a version earlier than 15.6, see
+ Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries
These views failed to hide statistics for expressions that involve
The PostgreSQL Project thanks Lukas Fittl for reporting this
By itself, this fix will only fix the behavior in newly initdb'd
- In each database of the cluster, run the
\i /usr/share/postgresql/15/fix-CVE-2024-4317.sql It will not hurt to run the script more than once. - Do not forget to include the template0 and template1 databases,
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0, undo it with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; (CVE-2024-4317) + Details about these and many further changes can be found at:
* d/postgresql-15.NEWS: Update. -- Sergio Durigan Junior <email address hidden> Tue, 28 May 2024 10:27:51 -0400 |
|||
2067388 | New upstream microreleases 12.19, 14.12, 15.7 and 16.3 | ||
CVE-2024-4317 | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value |
postgresql-14 | May 30th 15:06 | ||
---|---|---|---|
Release: jammy | Repo: universe | Level: updates | New version: 14.12-0ubuntu0.22.04.1 |
Packages in group: | postgresql-server-dev-14 | ||
postgresql-14 (14.12-0ubuntu0.22.04.1) jammy-security; urgency=medium * New upstream version (LP: #2067388). + A dump/restore is not required for those running 14.X. + However, a security vulnerability was found in the system views
+ Also, if you are upgrading from a version earlier than 14.11, see
+ Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries
These views failed to hide statistics for expressions that involve
The PostgreSQL Project thanks Lukas Fittl for reporting this
By itself, this fix will only fix the behavior in newly initdb'd
- In each database of the cluster, run the
\i /usr/share/postgresql/14/fix-CVE-2024-4317.sql It will not hurt to run the script more than once. - Do not forget to include the template0 and template1 databases,
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0, undo it with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; (CVE-2024-4317) + Details about these and many further changes can be found at:
* d/postgresql-14.NEWS: Update. -- Sergio Durigan Junior <email address hidden> Tue, 28 May 2024 09:51:10 -0400 |
|||
2067388 | New upstream microreleases 12.19, 14.12, 15.7 and 16.3 | ||
CVE-2024-4317 | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value |
python-pymysql | May 30th 15:06 | ||
---|---|---|---|
Release: jammy | Repo: main | Level: updates | New version: 1.0.2-1ubuntu1.22.04.1 |
Packages in group: | python3-pymysql python-pymysql-doc | ||
python-pymysql (1.0.2-1ubuntu1.22.04.1) jammy-security; urgency=medium * SECURITY UPDATE: SQL injection via untrusted JSON input
-- Marc Deslauriers <email address hidden> Tue, 28 May 2024 13:34:34 -0400 |
|||
CVE-2024-36039 | PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. |
postgresql-14 | May 30th 15:06 | ||
---|---|---|---|
Release: jammy | Repo: main | Level: updates | New version: 14.12-0ubuntu0.22.04.1 |
Packages in group: | libecpg6 libecpg-compat3 libecpg-dev libpgtypes3 libpq5 libpq-dev postgresql-client-14 postgresql-doc-14 postgresql-plperl-14 postgresql-plpython3-14 postgresql-pltcl-14 (... see all) | ||
postgresql-14 (14.12-0ubuntu0.22.04.1) jammy-security; urgency=medium * New upstream version (LP: #2067388). + A dump/restore is not required for those running 14.X. + However, a security vulnerability was found in the system views
+ Also, if you are upgrading from a version earlier than 14.11, see
+ Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries
These views failed to hide statistics for expressions that involve
The PostgreSQL Project thanks Lukas Fittl for reporting this
By itself, this fix will only fix the behavior in newly initdb'd
- In each database of the cluster, run the
\i /usr/share/postgresql/14/fix-CVE-2024-4317.sql It will not hurt to run the script more than once. - Do not forget to include the template0 and template1 databases,
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0, undo it with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; (CVE-2024-4317) + Details about these and many further changes can be found at:
* d/postgresql-14.NEWS: Update. -- Sergio Durigan Junior <email address hidden> Tue, 28 May 2024 09:51:10 -0400 |
|||
2067388 | New upstream microreleases 12.19, 14.12, 15.7 and 16.3 | ||
CVE-2024-4317 | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value |
python-pymysql | May 30th 15:06 | ||
---|---|---|---|
Release: focal | Repo: main | Level: updates | New version: 0.9.3-2ubuntu3.1 |
Packages in group: | python3-pymysql python-pymysql-doc | ||
python-pymysql (0.9.3-2ubuntu3.1) focal-security; urgency=medium * SECURITY UPDATE: SQL injection via untrusted JSON input
-- Marc Deslauriers <email address hidden> Tue, 28 May 2024 13:36:35 -0400 |
|||
1891484 | python-pymysql ftbfs in focal | ||
CVE-2024-36039 | PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. |
postgresql-16 | May 30th 14:07 | ||
---|---|---|---|
Release: noble | Repo: universe | Level: security | New version: 16.3-0ubuntu0.24.04.1 |
Packages in group: | postgresql-server-dev-16 | ||
postgresql-16 (16.3-0ubuntu0.24.04.1) noble-security; urgency=medium * New upstream version (LP: #2067388). + A dump/restore is not required for those running 16.X. + However, a security vulnerability was found in the system views
+ Also, if you are upgrading from a version earlier than 16.2, see
+ Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries
These views failed to hide statistics for expressions that involve
The PostgreSQL Project thanks Lukas Fittl for reporting this
By itself, this fix will only fix the behavior in newly initdb'd
- In each database of the cluster, run the
\i /usr/share/postgresql/16/fix-CVE-2024-4317.sql It will not hurt to run the script more than once. - Do not forget to include the template0 and template1 databases,
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0, undo it with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; (CVE-2024-4317) + Details about these and many further changes can be found at:
* d/postgresql-16.NEWS: Update. -- Sergio Durigan Junior <email address hidden> Wed, 29 May 2024 13:16:10 -0400 |
|||
2067388 | New upstream microreleases 12.19, 14.12, 15.7 and 16.3 | ||
CVE-2024-4317 | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value |
postgresql-16 | May 30th 14:07 | ||
---|---|---|---|
Release: noble | Repo: main | Level: security | New version: 16.3-0ubuntu0.24.04.1 |
Packages in group: | libecpg6 libecpg-compat3 libecpg-dev libpgtypes3 libpq5 libpq-dev postgresql-client-16 postgresql-doc-16 postgresql-plperl-16 postgresql-plpython3-16 postgresql-pltcl-16 (... see all) | ||
postgresql-16 (16.3-0ubuntu0.24.04.1) noble-security; urgency=medium * New upstream version (LP: #2067388). + A dump/restore is not required for those running 16.X. + However, a security vulnerability was found in the system views
+ Also, if you are upgrading from a version earlier than 16.2, see
+ Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries
These views failed to hide statistics for expressions that involve
The PostgreSQL Project thanks Lukas Fittl for reporting this
By itself, this fix will only fix the behavior in newly initdb'd
- In each database of the cluster, run the
\i /usr/share/postgresql/16/fix-CVE-2024-4317.sql It will not hurt to run the script more than once. - Do not forget to include the template0 and template1 databases,
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0, undo it with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; (CVE-2024-4317) + Details about these and many further changes can be found at:
* d/postgresql-16.NEWS: Update. -- Sergio Durigan Junior <email address hidden> Wed, 29 May 2024 13:16:10 -0400 |
|||
2067388 | New upstream microreleases 12.19, 14.12, 15.7 and 16.3 | ||
CVE-2024-4317 | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value |
node-browserify-sign | May 30th 14:07 | ||
---|---|---|---|
Release: mantic | Repo: universe | Level: updates | New version: 4.2.1-3ubuntu0.1 |
Packages in group: | |||
node-browserify-sign (4.2.1-3ubuntu0.1) mantic-security; urgency=medium * SECURITY UPDATE: Signature Forgery Attack
-- Amir Naseredini <email address hidden> Tue, 28 May 2024 12:26:03 +0100 |
|||
CVE-2023-46234 | browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on i |
postgresql-15 | May 30th 14:07 | ||
---|---|---|---|
Release: mantic | Repo: universe | Level: security | New version: 15.7-0ubuntu0.23.10.1 |
Packages in group: | postgresql-server-dev-15 | ||
postgresql-15 (15.7-0ubuntu0.23.10.1) mantic-security; urgency=medium * New upstream version (LP: #2067388). + A dump/restore is not required for those running 15.X. + However, a security vulnerability was found in the system views
+ Also, if you are upgrading from a version earlier than 15.6, see
+ Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries
These views failed to hide statistics for expressions that involve
The PostgreSQL Project thanks Lukas Fittl for reporting this
By itself, this fix will only fix the behavior in newly initdb'd
- In each database of the cluster, run the
\i /usr/share/postgresql/15/fix-CVE-2024-4317.sql It will not hurt to run the script more than once. - Do not forget to include the template0 and template1 databases,
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0, undo it with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; (CVE-2024-4317) + Details about these and many further changes can be found at:
* d/postgresql-15.NEWS: Update. -- Sergio Durigan Junior <email address hidden> Tue, 28 May 2024 10:27:51 -0400 |
|||
2067388 | New upstream microreleases 12.19, 14.12, 15.7 and 16.3 | ||
CVE-2024-4317 | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value |
postgresql-15 | May 30th 14:07 | ||
---|---|---|---|
Release: mantic | Repo: main | Level: security | New version: 15.7-0ubuntu0.23.10.1 |
Packages in group: | libecpg6 libecpg-compat3 libecpg-dev libpgtypes3 libpq5 libpq-dev postgresql-client-15 postgresql-doc-15 postgresql-plperl-15 postgresql-plpython3-15 postgresql-pltcl-15 (... see all) | ||
postgresql-15 (15.7-0ubuntu0.23.10.1) mantic-security; urgency=medium * New upstream version (LP: #2067388). + A dump/restore is not required for those running 15.X. + However, a security vulnerability was found in the system views
+ Also, if you are upgrading from a version earlier than 15.6, see
+ Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries
These views failed to hide statistics for expressions that involve
The PostgreSQL Project thanks Lukas Fittl for reporting this
By itself, this fix will only fix the behavior in newly initdb'd
- In each database of the cluster, run the
\i /usr/share/postgresql/15/fix-CVE-2024-4317.sql It will not hurt to run the script more than once. - Do not forget to include the template0 and template1 databases,
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0, undo it with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; (CVE-2024-4317) + Details about these and many further changes can be found at:
* d/postgresql-15.NEWS: Update. -- Sergio Durigan Junior <email address hidden> Tue, 28 May 2024 10:27:51 -0400 |
|||
2067388 | New upstream microreleases 12.19, 14.12, 15.7 and 16.3 | ||
CVE-2024-4317 | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value |
node-browserify-sign | May 30th 14:07 | ||
---|---|---|---|
Release: jammy | Repo: universe | Level: updates | New version: 4.2.1-2ubuntu0.1 |
Packages in group: | |||
node-browserify-sign (4.2.1-2ubuntu0.1) jammy-security; urgency=medium * SECURITY UPDATE: Signature Forgery Attack
-- Amir Naseredini <email address hidden> Wed, 29 May 2024 16:02:25 +0100 |
|||
CVE-2023-46234 | browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on i |
postgresql-14 | May 30th 14:07 | ||
---|---|---|---|
Release: jammy | Repo: universe | Level: security | New version: 14.12-0ubuntu0.22.04.1 |
Packages in group: | postgresql-server-dev-14 | ||
postgresql-14 (14.12-0ubuntu0.22.04.1) jammy-security; urgency=medium * New upstream version (LP: #2067388). + A dump/restore is not required for those running 14.X. + However, a security vulnerability was found in the system views
+ Also, if you are upgrading from a version earlier than 14.11, see
+ Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries
These views failed to hide statistics for expressions that involve
The PostgreSQL Project thanks Lukas Fittl for reporting this
By itself, this fix will only fix the behavior in newly initdb'd
- In each database of the cluster, run the
\i /usr/share/postgresql/14/fix-CVE-2024-4317.sql It will not hurt to run the script more than once. - Do not forget to include the template0 and template1 databases,
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0, undo it with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; (CVE-2024-4317) + Details about these and many further changes can be found at:
* d/postgresql-14.NEWS: Update. -- Sergio Durigan Junior <email address hidden> Tue, 28 May 2024 09:51:10 -0400 |
|||
2067388 | New upstream microreleases 12.19, 14.12, 15.7 and 16.3 | ||
CVE-2024-4317 | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value |