diff options
| author | adam <adam> | 2013-04-04 21:08:25 +0000 |
|---|---|---|
| committer | adam <adam> | 2013-04-04 21:08:25 +0000 |
| commit | 5264ba3b4595974b5e7acaab8087f96505b143aa (patch) | |
| tree | 80c7435d598076d59e5b3c15db33a97bd3db4769 /databases/postgresql91/distinfo | |
| parent | b68a262892edca5dc4013e7cdc6658c5af3040c3 (diff) | |
| download | pkgsrc-5264ba3b4595974b5e7acaab8087f96505b143aa.tar.gz | |
The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately.
A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request.
Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script, CVE-2013-1903 and the use of predictable filenames in /tmp CVE-2013-1902.
Diffstat (limited to 'databases/postgresql91/distinfo')
| -rw-r--r-- | databases/postgresql91/distinfo | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/databases/postgresql91/distinfo b/databases/postgresql91/distinfo index 9af41551d0c..794a82e2b22 100644 --- a/databases/postgresql91/distinfo +++ b/databases/postgresql91/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.13 2013/02/09 11:19:14 adam Exp $ +$NetBSD: distinfo,v 1.14 2013/04/04 21:08:35 adam Exp $ -SHA1 (postgresql-9.1.8.tar.bz2) = da932f51ffe8a578b5694c74867ce634ce847827 -RMD160 (postgresql-9.1.8.tar.bz2) = f37021b17f3de4a8d8f6482f7e340b6d31f08222 -Size (postgresql-9.1.8.tar.bz2) = 15815313 bytes +SHA1 (postgresql-9.1.9.tar.bz2) = 4cbbfc5be9b8e6fe3d67c5075c212bcb057eac20 +RMD160 (postgresql-9.1.9.tar.bz2) = 65aa38a4f687cd278bedcf4f1516089ab65924d1 +Size (postgresql-9.1.9.tar.bz2) = 15815421 bytes SHA1 (patch-config_perl.m4) = c7e5aaff1c47d2e33df7692a412ef984c77ffcc0 SHA1 (patch-configure) = dab79533dac06a79a5aa8439d6b15830d8d2fba7 SHA1 (patch-contrib_dblink_Makefile) = 4960ad57d42465fae203870548e4c53f8a32ce04 |