From cb7095580ab18262f02e705d5ca622063ac42137 Mon Sep 17 00:00:00 2001 From: adam Date: Thu, 4 Apr 2013 21:08:25 +0000 Subject: The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately. A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request. Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script, CVE-2013-1903 and the use of predictable filenames in /tmp CVE-2013-1902. --- databases/postgresql92/distinfo | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'databases/postgresql92/distinfo') diff --git a/databases/postgresql92/distinfo b/databases/postgresql92/distinfo index dc891cf85a3..408b1c2a0e2 100644 --- a/databases/postgresql92/distinfo +++ b/databases/postgresql92/distinfo @@ -1,13 +1,13 @@ -$NetBSD: distinfo,v 1.3 2013/02/09 11:19:17 adam Exp $ +$NetBSD: distinfo,v 1.4 2013/04/04 21:08:36 adam Exp $ -SHA1 (postgresql-9.2.3.tar.bz2) = fe46685c36f6a7a04edd67be5695b4f5acebedff -RMD160 (postgresql-9.2.3.tar.bz2) = bcbb159c411d068bc038f37bb40c030f70c3ac2a -Size (postgresql-9.2.3.tar.bz2) = 16371616 bytes +SHA1 (postgresql-9.2.4.tar.bz2) = 75b53c884cb10ed9404747b51677358f12082152 +RMD160 (postgresql-9.2.4.tar.bz2) = 7d3f523e20e79651ca0dbfe2c8ee240da52cb404 +Size (postgresql-9.2.4.tar.bz2) = 16395184 bytes SHA1 (patch-config_missing) = c2d7d742922ba6861e7660c75b7b53f09e564813 SHA1 (patch-config_perl.m4) = c7e5aaff1c47d2e33df7692a412ef984c77ffcc0 SHA1 (patch-configure) = 21b27add570cff1a24c440201eb1ed49f8223747 SHA1 (patch-contrib_dblink_Makefile) = 4960ad57d42465fae203870548e4c53f8a32ce04 -SHA1 (patch-contrib_dblink_dblink.c) = 0b867b256886765a6546c65e7e6a22795bd57218 +SHA1 (patch-contrib_dblink_dblink.c) = 245ce06df88837ba88142aea1d0ba787d65ddb45 SHA1 (patch-src_Makefile.shlib) = fedf35f38439a724fa6522e1aaef110c9909866a SHA1 (patch-src_backend_Makefile) = 76ddd3015d93b19cdd6000eaffc4f53cbd4965b5 SHA1 (patch-src_makefiles_Makefile.solaris) = 0168f5bc105ffc89d5db40907a08966d8465f5a0 -- cgit v1.2.3