File _patchinfo of Package patchinfo.40254
<patchinfo incident="40254">
<issue tracker="cve" id="2025-8714"/>
<issue tracker="cve" id="2025-8715"/>
<issue tracker="cve" id="2025-8713"/>
<issue tracker="bnc" id="1248120">VUL-0: CVE-2025-8713: postgresql: optimizer statistics can expose sampled data within a view, partition, or child table to unauthorized users</issue>
<issue tracker="bnc" id="1248122">VUL-0: CVE-2025-8714: postgresql: untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client</issue>
<issue tracker="bnc" id="1248119">VUL-0: CVE-2025-8715: postgresql: improper neutralization of newlines in pg_dump can lead to arbitrary code execution in the psql client and in the restore target server</issue>
<packager>rmax</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for postgresql14</summary>
<description>This update for postgresql14 fixes the following issues:
Upgrade to 14.19:
- CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc#1248120).
- CVE-2025-8714: untrusted data inclusion in `pg_dump` lets superuser of origin server execute arbitrary code in psql client (bsc#1248122).
- CVE-2025-8715: improper neutralization of newlines in `pg_dump` allows execution of arbitrary code in psql client and in restore target server (bsc#1248119).
</description>
</patchinfo>