CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org 2013/04/04 08:45:46
Modified files:
databases/postgresql: Makefile distinfo
databases/postgresql/pkg: PLIST-docs
Log message:
Critical SECURITY update to PostgreSQL, fixing CVE-2013-1899,
CVE-2013-1900 and CVE-2013-1901. ok jasper@
"A major security issue fixed in this release, CVE-2013-1899, makes
it possible for a connection request containing a database name that
begins with "-" to be crafted that can damage or destroy files within a
server's data directory. Anyone with access to the port the PostgreSQL
server listens on can initiate this request. This issue was discovered
by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software
Center." http://www.postgresql.org/about/news/1456/
