-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4622-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : postgresql-9.6 CVE ID : CVE-2020-1720 Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For the oldstable distribution (stretch), this problem has been fixed in version 9.6.17-0+deb9u1. We recommend that you upgrade your postgresql-9.6 packages. For the detailed security status of postgresql-9.6 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgresql-9.6 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5Fv1MACgkQEMKTtsN8 TjbpYw//YU2Sc1tl+rIO8K2+xsctcu85g9j5rbZz90a+Zv4/KVtlqE9QRUqZBqOz 3ZCM5KJSW7jVy6gF4DfS278xtDAEYO/geqxyEfV7ZnSu3ASguaQXBgbFKOQi2SpI xx7Zh8JmxYPAWxOf3aoyaSUTWkb2FOBVMkMGr8bZSaQNLbE9xGkX1Bpekmw/PdsK bpGGkJcFZytej8LadFG1TEY4ojnOiog8R7RByWtbSs5oc1CupaBCc5IKgd6eNCqR ENmsqThbcdZHuhQFug2c9IgSp8WOld87oXbu6iwyrBJLTFiNzT/DHVoJKbzbI+ic FS9nRW+KKqXFoCylshurvjGlW3vovbFL1Ye69klXVJ9cPbRAhBBUvVkrYrMfM+jw ANPuceOI70NTrtcJFq2IlmStz49HUQ3oP2dkcuDHh+TQooOF78aCKkSF00ayJzp1 QaVVmefgEaI7RgT0lhY70cjL/cmIFWBYKqm3CcY/bMouXl2ok4XztfUCOdGWQUAe zqeeurMLdpUOVm0wc6QCXS4xQ+qT/d/n9O5gOuFvS2vITLHEq98Wwgb4qiN3DLKP 1qU1/nbLRMME9qSeJXmEO6njsw5na03VQbpJGjDe4+Sf2JYi8Hd0qsaJ0yjSIYkO Q62wvt2/4hOuoEWestaxBVwkyOH2eW07R4cmX6PXy6h4dWxUUXc= =O/wC -----END PGP SIGNATURE-----