[v2.4] postgresql: multiple security fixes (new versions available: 9.3.3, 9.2.7, 9.1.12)
Multiple security fixes have been done in new version of postgresql: 9.3.3, 9.2.7, 9.1.12 (see http://www.postgresql.org/support/security/).
The package should be upgraded for all curent Alpine Linux branches.
(from redmine: issue id 2728, created on 2014-03-05, closed on 2014-03-13)
- parent #2727 (closed)
- Revision 1933d0fb by Natanael Copa on 2014-03-05T11:28:19Z:
main/postgresql: security upgrade to 9.1.12 (various CVEs) fixes #2728 CVE-2014-0060 SET ROLE bypasses lack of ADMIN OPTION. CVE-2014-0061 Privilege escalation via calls to validator functions. CVE-2014-0062 Race condition in CREATE INDEX allows for privilege escalation. CVE-2014-0063 Potential buffer overruns due to integer overflow in size calculations. CVE-2014-0064 Potential buffer overruns in datetime input/output. CVE-2014-0065 Potential buffer overruns of fixed-size buffers. CVE-2014-0066 Potential null pointer dereference crash when crypt(3) returns NULL.