{"affected":[{"ecosystem_specific":{"binaries":[{"postgresql13":"13.3-5.10.1","postgresql13-contrib":"13.3-5.10.1","postgresql13-devel":"13.3-5.10.1","postgresql13-docs":"13.3-5.10.1","postgresql13-llvmjit":"13.3-5.10.1","postgresql13-plperl":"13.3-5.10.1","postgresql13-plpython":"13.3-5.10.1","postgresql13-pltcl":"13.3-5.10.1","postgresql13-server":"13.3-5.10.1","postgresql13-server-devel":"13.3-5.10.1","postgresql13-test":"13.3-5.10.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"postgresql13","purl":"pkg:rpm/opensuse/postgresql13&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"13.3-5.10.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for postgresql13 fixes the following issues:\n\n- Upgrade to version 13.3:\n- CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).\n- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).\n- CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926).\n\n- Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).\n- Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118).\n- Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).\n","id":"openSUSE-SU-2021:1785-1","modified":"2021-07-19T10:00:12Z","published":"2021-07-19T10:00:12Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YKAEBUWSUHMGHAQQGZGGJL4XNRQXGZEZ/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179945"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183118"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183168"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185924"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185925"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185926"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32027"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32028"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32029"}],"related":["CVE-2021-32027","CVE-2021-32028","CVE-2021-32029"],"summary":"Security update for postgresql13","upstream":["CVE-2021-32027","CVE-2021-32028","CVE-2021-32029"]}