The NetBSD Project

CVS log for pkgsrc/mk/pgsql.buildlink3.mk

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / mk

Request diff between arbitrary revisions


Default branch: MAIN
Current tag: pkgsrc-2013Q2-base


Revision 1.35 / (download) - annotate - [select for diffs], Thu Apr 4 21:08:25 2013 UTC (6 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2
Changes since 1.34: +2 -13 lines
Diff to previous 1.34 (colored)

The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately.

A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request.

Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script, CVE-2013-1903 and the use of predictable filenames in /tmp CVE-2013-1902.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>