On 2013/04/04 08:45, Stuart Henderson wrote:
> CVSROOT:      /cvs
> Module name:  ports
> Changes by:   st...@cvs.openbsd.org   2013/04/04 08:45:46
> 
> Modified files:
>       databases/postgresql: Makefile distinfo 
>       databases/postgresql/pkg: PLIST-docs 
> 
> Log message:
> Critical SECURITY update to PostgreSQL, fixing CVE-2013-1899,
> CVE-2013-1900 and CVE-2013-1901. ok jasper@
> 
> "A major security issue fixed in this release, CVE-2013-1899, makes
> it possible for a connection request containing a database name that
> begins with "-" to be crafted that can damage or destroy files within a
> server's data directory. Anyone with access to the port the PostgreSQL
> server listens on can initiate this request. This issue was discovered
> by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software
> Center."   http://www.postgresql.org/about/news/1456/
> 

Note from changelog:

A dump/restore is not required for those running 9.2.X.

However, this release corrects several errors in management of GiST indexes. 
After installing this update, it is advisable to REINDEX any GiST indexes that 
meet one or more of the conditions described below.

Also, if you are upgrading from a version earlier than 9.2.2, see the release 
notes for 9.2.2.
