File _patchinfo of Package patchinfo.36500

<patchinfo incident="36500">
  <issue tracker="cve" id="2024-10977"/>
  <issue tracker="cve" id="2024-10976"/>
  <issue tracker="cve" id="2024-10978"/>
  <issue tracker="cve" id="2024-10979"/>
  <issue tracker="bnc" id="1233326">VUL-0: CVE-2024-10978: postgresql: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE</issue>
  <issue tracker="bnc" id="1233325">VUL-0: CVE-2024-10977: postgresql: Make libpq discard error messages received during SSL or GSS protocol negotiation</issue>
  <issue tracker="bnc" id="1233327">VUL-0: CVE-2024-10979: postgresql: Prevent trusted PL/Perl code from changing environment variables</issue>
  <issue tracker="bnc" id="1233323">VUL-0: CVE-2024-10976: postgresql: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference</issue>
  <packager>rmax</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for postgresql13</summary>
  <description>This update for postgresql13 fixes the following issues:

- CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323).
- CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325).
- CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326).
- CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327).
</description>
</patchinfo>