{"id":"MGASA-2025-0230","summary":"Updated postgresql15 & postgresql13 packages fix security vulnerabilities","details":"PostgreSQL optimizer statistics can expose sampled data within a view,\npartition, or child table. (CVE-2025-8713)\nPostgreSQL pg_dump lets superuser of origin server execute arbitrary\ncode in psql client. (CVE-2025-8714)\nPostgreSQL pg_dump newline in object name executes arbitrary code in\npsql client and in restore target server. (CVE-2025-8715)\n","modified":"2026-04-16T04:41:32.022757631Z","published":"2025-09-08T19:35:43Z","upstream":["CVE-2025-8713","CVE-2025-8714","CVE-2025-8715"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0230.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34608"},{"type":"WEB","url":"https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/"}],"affected":[{"package":{"name":"postgresql15","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/postgresql15?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.14-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0230.json"}},{"package":{"name":"postgresql13","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/postgresql13?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.22-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0230.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}