File _patchinfo of Package patchinfo.19714

<patchinfo incident="19714">
  <issue tracker="bnc" id="1198166">PostgreSQL 11-14 don't build with LLVM 14</issue>
  <issue tracker="bnc" id="1202368">VUL-0: CVE-2022-2625: postgresql10,postgresql12,postgresql13,postgresql14: Extension scripts replace objects not belonging to the extension.</issue>
  <issue tracker="cve" id="2022-2625"/>
  <issue tracker="bnc" id="1179945">[icu68] postgresql fails to build</issue>
  <issue tracker="bnc" id="1183168">postgresql13: uninstall fails due to valid script expansion</issue>
  <issue tracker="bnc" id="1185924">VUL-0: CVE-2021-32027: postgresql: Prevent integer overflows in array subscripting calculations</issue>
  <issue tracker="bnc" id="1185925">VUL-0: CVE-2021-32028: postgresql: Fix mishandling of &#8220;junk&#8221; columns in INSERT ... ON CONFLICT ... UPDATE target lists</issue>
  <issue tracker="bnc" id="1185926">VUL-0: CVE-2021-32029: postgresql: Fix possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates</issue>
  <issue tracker="bnc" id="1185952">[Build 20210510] PostgreSQL 12 and 13 fail to build with LLVM12 on s390x</issue>
  <issue tracker="bnc" id="1187751">Dependency error in postgresql13-server-devel-13.3-5.10.1 [ref:_00D1igLOd._5001ifx5tP:ref]</issue>
  <issue tracker="bnc" id="1189748">VUL-0: CVE-2021-3677: postgresql: Memory disclosure in certain queries</issue>
  <issue tracker="bnc" id="1190740">TLS reference in /usr/lib64/libLLVM.so mismatches non-TLS reference in /usr/lib64/libLLVM.so when linking to LLVM on s390x</issue>
  <issue tracker="bnc" id="1192516">VUL-0: postgresql12,postgresql13,postgresql14: 2 November 2021 security issues</issue>
  <issue tracker="bnc" id="1195680">PostgreSQL updates 2022/02</issue>
  <issue tracker="bnc" id="1199475">VUL-0: CVE-2022-1552: postgresql13, postgresql14: Confine additional operations within “security restricted operation” sandboxes</issue>
  <issue tracker="cve" id="2021-3677"/>
  <issue tracker="cve" id="2021-23214"/>
  <issue tracker="cve" id="2021-23222"/>
  <issue tracker="cve" id="2021-32027"/>  
  <issue tracker="cve" id="2021-32028"/>
  <issue tracker="cve" id="2021-32029"/>
  <issue tracker="cve" id="2022-1552"/>
  <packager>rmax</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for postgresql12</summary>
  <description>This update for postgresql12 fixes the following issues:

- Upgrade to 12.12:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).

- Upgrade to 12.11:
- CVE-2022-1552: Confined additional operations within "security restricted operation" sandboxes (bsc#1199475).

- Upgrade to 12.10 (bsc#1195680)
- Add constraints file with 12GB of memory for s390x as a workaround (boo#1190740)

- Upgrade to version 12.9 (bsc#1192516):
- CVE-2021-23214: Made the server reject extraneous data after an SSL or GSS encryption handshake
- CVE-2021-23222: Made libpq reject extraneous data after an SSL or GSS encryption handshake
    
- Upgrade to version 12.8:
- CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748).

- Upgrade to version 12.7:
- CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).
- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).
- CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926).

- Fixed build with llvm12 on s390x (bsc#1185952).
- Re-enabled icu for PostgreSQL 10 (bsc#1179945).
- Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751).
- llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952).
- Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
</description>
</patchinfo>