{"affected":[{"ecosystem_specific":{"binaries":[{"postgresql10":"10.15-lp152.2.9.1","postgresql10-contrib":"10.15-lp152.2.9.1","postgresql10-devel":"10.15-lp152.2.9.1","postgresql10-docs":"10.15-lp152.2.9.1","postgresql10-plperl":"10.15-lp152.2.9.1","postgresql10-plpython":"10.15-lp152.2.9.1","postgresql10-pltcl":"10.15-lp152.2.9.1","postgresql10-server":"10.15-lp152.2.9.1","postgresql10-test":"10.15-lp152.2.9.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"postgresql10","purl":"pkg:rpm/opensuse/postgresql10&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"10.15-lp152.2.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for postgresql10 fixes the following issues:\n\n- Upgrade to version 10.15:\n  * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD\n    and firing of deferred triggers within index expressions and\n    materialized view queries.\n  * CVE-2020-25694, bsc#1178667:\n    a) Fix usage of complex connection-string parameters in pg_dump,\n    pg_restore, clusterdb, reindexdb, and vacuumdb.\n    b) When psql's \\connect command re-uses connection parameters,\n    ensure that all non-overridden parameters from a previous\n    connection string are re-used.\n  * CVE-2020-25696, bsc#1178668: Prevent psql's \\gset command from\n    modifying specially-treated variables.\n  * Fix recently-added timetz test case so it works when the USA\n    is not observing daylight savings time.\n  * https://www.postgresql.org/about/news/2111/\n  * https://www.postgresql.org/docs/10/release-10-15.html\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.","id":"openSUSE-SU-2020:2019-1","modified":"2020-11-25T20:08:51Z","published":"2020-11-25T20:08:51Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G6VHIJFOQOSKIFV42ZSMOTHSA5DC24KC/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178666"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178667"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178668"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25694"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25695"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25696"}],"related":["CVE-2020-25694","CVE-2020-25695","CVE-2020-25696"],"summary":"Security update for postgresql10","upstream":["CVE-2020-25694","CVE-2020-25695","CVE-2020-25696"]}