diff options
| author | adam <adam@pkgsrc.org> | 2013-04-04 21:08:25 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2013-04-04 21:08:25 +0000 |
| commit | cb7095580ab18262f02e705d5ca622063ac42137 (patch) | |
| tree | 80c7435d598076d59e5b3c15db33a97bd3db4769 /databases/Makefile | |
| parent | 5bf004b2cbb9e7c089d7faa3e34b43a29e725d81 (diff) | |
| download | pkgsrc-cb7095580ab18262f02e705d5ca622063ac42137.tar.gz | |
The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately.
A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request.
Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script, CVE-2013-1903 and the use of predictable filenames in /tmp CVE-2013-1902.
Diffstat (limited to 'databases/Makefile')
| -rw-r--r-- | databases/Makefile | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/databases/Makefile b/databases/Makefile index 238a9d68b67..1912938a590 100644 --- a/databases/Makefile +++ b/databases/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.427 2013/03/21 04:05:41 jnemeth Exp $ +# $NetBSD: Makefile,v 1.428 2013/04/04 21:08:25 adam Exp $ COMMENT= Databases @@ -44,7 +44,6 @@ SUBDIR+= java-qdbm SUBDIR+= java-tokyocabinet SUBDIR+= jdbc-mysql31 SUBDIR+= jdbc-mysql5 -SUBDIR+= jdbc-postgresql83 SUBDIR+= jdbc-postgresql84 SUBDIR+= jdbc-postgresql92 SUBDIR+= kmysqladmin @@ -240,14 +239,6 @@ SUBDIR+= poco-data-sqlite SUBDIR+= postgresql-pgbench SUBDIR+= postgresql-postgis #SUBDIR+= postgresql-uuid # just contains files for postgresql*-uuid -SUBDIR+= postgresql83 -SUBDIR+= postgresql83-adminpack -SUBDIR+= postgresql83-client -SUBDIR+= postgresql83-plperl -SUBDIR+= postgresql83-plpython -SUBDIR+= postgresql83-pltcl -SUBDIR+= postgresql83-server -SUBDIR+= postgresql83-uuid SUBDIR+= postgresql84 SUBDIR+= postgresql84-adminpack SUBDIR+= postgresql84-client |