• Accepted postgresql-11 11.14-0+deb10u1 (source) into oldstable-proposed

    From Debian FTP Masters@21:1/5 to All on Fri Nov 19 13:20:02 2021

    Format: 1.8
    Date: Thu, 11 Nov 2021 12:53:26 +0100
    Source: postgresql-11
    Architecture: source
    Version: 11.14-0+deb10u1
    Distribution: buster-security
    Urgency: medium
    Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
    Changed-By: Christoph Berg <myon@debian.org>
    Changes:
    postgresql-11 (11.14-0+deb10u1) buster-security; urgency=medium
    .
    * New upstream security release.
    .
    + Make the server and libpq reject extraneous data after an SSL or GSS
    encryption handshake (Tom Lane)
    .
    A man-in-the-middle with the ability to inject data into the TCP
    connection could stuff some cleartext data into the start of a
    supposedly encryption-protected database session.
    .
    This could be abused to send faked SQL commands to the server, although
    that would only work if the server did not demand any authentication
    data. (However, a server relying on SSL certificate authentication
    might well not do so.) (CVE-2021-23214)
    .
    This could probably be abused to inject faked responses to the client's
    first few queries, although other details of libpq's behavior make that
    harder than it sounds. A different line of attack is to exfiltrate the
    client's password, or other sensitive data that might be sent early in
    the session. That has been shown to be possible with a server
    vulnerable to CVE-2021-23214. (CVE-2021-23222)
    .
    The PostgreSQL Project thanks Jacob Champion for reporting these
    problems.


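The changelog's fix rejects data that is already buffered when encryption is about to start. The sketch below is an added example, not code from PostgreSQL or from the Debian package: it shows that check on the server side for the SSLRequest packet (length 8, request code 80877103). The function name, the enum and the model of a single receive buffer are assumptions made for illustration, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SSLRequest on the wire: 4-byte length (8), then 4-byte code 80877103
 * (0x04D2162F), both big-endian. */
#define SSL_REQUEST_LEN  8u
#define SSL_REQUEST_CODE 80877103u

enum ssl_request_check {
    CHECK_OK,            /* exactly one SSLRequest, nothing buffered behind it */
    CHECK_INCOMPLETE,    /* fewer than 8 bytes so far: keep reading */
    CHECK_NOT_SSLREQ,    /* some other startup packet */
    CHECK_TRAILING_DATA  /* cleartext bytes follow the SSLRequest: reject */
};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* buf/len: everything the (hypothetical) receive buffer holds at the moment
 * the server is about to hand the socket to the TLS library. */
enum ssl_request_check check_ssl_request(const unsigned char *buf, size_t len)
{
    if (len < SSL_REQUEST_LEN)
        return CHECK_INCOMPLETE;
    if (be32(buf) != SSL_REQUEST_LEN || be32(buf + 4) != SSL_REQUEST_CODE)
        return CHECK_NOT_SSLREQ;
    /* Bytes buffered past the request arrived before encryption began.
     * Treating them later as if they came through TLS is the flaw the
     * changelog describes, so the connection is dropped instead. */
    if (len > SSL_REQUEST_LEN)
        return CHECK_TRAILING_DATA;
    return CHECK_OK;
}

/* Constructed sample inputs (not captured traffic). */
static const unsigned char clean_req[]  = {0, 0, 0, 8, 0x04, 0xD2, 0x16, 0x2F};
static const unsigned char padded_req[] = {0, 0, 0, 8, 0x04, 0xD2, 0x16, 0x2F,
                                           0xAA, 0xBB};

int main(void)
{
    printf("clean:  %d\n", check_ssl_request(clean_req, sizeof clean_req));
    printf("padded: %d\n", check_ssl_request(padded_req, sizeof padded_req));
    return 0;
}
```

The client side needs the mirror-image check: after reading the server's one-byte reply to SSLRequest, any further bytes already in the client's buffer are equally untrusted.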