diff options
| author | adam <adam> | 2013-04-04 21:08:25 +0000 |
|---|---|---|
| committer | adam <adam> | 2013-04-04 21:08:25 +0000 |
| commit | d6c4357e3078f7c9a76b837d020f53de07043c84 (patch) | |
| tree | 80c7435d598076d59e5b3c15db33a97bd3db4769 /databases/postgresql90 | |
| parent | 9f3ff5f46400da181f8e720bb7d38f830780dad6 (diff) | |
| download | pkgsrc-d6c4357e3078f7c9a76b837d020f53de07043c84.tar.gz | |
The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately.
A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request.
Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script, CVE-2013-1903 and the use of predictable filenames in /tmp CVE-2013-1902.
Diffstat (limited to 'databases/postgresql90')
| -rw-r--r-- | databases/postgresql90/Makefile.common | 4 | ||||
| -rw-r--r-- | databases/postgresql90/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/databases/postgresql90/Makefile.common b/databases/postgresql90/Makefile.common index 5c8f76b3b2e..48b1c54e325 100644 --- a/databases/postgresql90/Makefile.common +++ b/databases/postgresql90/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.23 2013/02/09 11:19:11 adam Exp $ +# $NetBSD: Makefile.common,v 1.24 2013/04/04 21:08:33 adam Exp $ # # used by databases/postgresql90-adminpack/Makefile # used by databases/postgresql90-client/Makefile @@ -21,7 +21,7 @@ # <lang>-postgresql client-side interface to PostgreSQL # postgresql-<lang> server-side module for PostgreSQL backend -DISTNAME= postgresql-9.0.12 +DISTNAME= postgresql-9.0.13 CATEGORIES= databases MASTER_SITES= ${MASTER_SITE_PGSQL:=source/v${PKGVERSION_NOREV}/} EXTRACT_SUFX= .tar.bz2 diff --git a/databases/postgresql90/distinfo b/databases/postgresql90/distinfo index f8f4c9798df..8d0a40234fb 100644 --- a/databases/postgresql90/distinfo +++ b/databases/postgresql90/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.16 2013/02/09 11:19:11 adam Exp $ +$NetBSD: distinfo,v 1.17 2013/04/04 21:08:33 adam Exp $ -SHA1 (postgresql-9.0.12.tar.bz2) = 5762f165c65de6781e1b07275b174cee5b3be2fd -RMD160 (postgresql-9.0.12.tar.bz2) = d9d874aaf9773512cff3648a9a4c865740304cc0 -Size (postgresql-9.0.12.tar.bz2) = 15122949 bytes +SHA1 (postgresql-9.0.13.tar.bz2) = d4812cba43c1a76b66f43687df78c86996a23620 +RMD160 (postgresql-9.0.13.tar.bz2) = 1b7e37cb4ecb1e512f5ca3c0350c9e908d03a01d +Size (postgresql-9.0.13.tar.bz2) = 15139873 bytes SHA1 (patch-aa) = c7e5aaff1c47d2e33df7692a412ef984c77ffcc0 SHA1 (patch-ab) = 6adfc53e325abe69582f1c7971f56144c697e9c1 SHA1 (patch-ac) = 76ddd3015d93b19cdd6000eaffc4f53cbd4965b5 |