[v2.5] postgresql: multiple security fixes (new versions available: 9.3.3, 9.2.7, 9.1.12)
Multiple security fixes have been done in new version of postgresql: 9.3.3, 9.2.7, 9.1.12 (see http://www.postgresql.org/support/security/).
The package should be upgraded for all curent Alpine Linux branches.
(from redmine: issue id 2729, created on 2014-03-05, closed on 2014-03-13)
- Relations:
- parent #2727 (closed)
- Changesets:
- Revision 10c1e0fc by Natanael Copa on 2014-03-05T11:29:33Z:
main/postgresql: security upgrade to 9.2.7 (various CVEs)
fixes #2729
CVE-2014-0060 SET ROLE bypasses lack of ADMIN OPTION.
CVE-2014-0061 Privilege escalation via calls to validator functions.
CVE-2014-0062 Race condition in CREATE INDEX allows for privilege
escalation.
CVE-2014-0063 Potential buffer overruns due to integer overflow in
size calculations.
CVE-2014-0064 Potential buffer overruns in datetime input/output.
CVE-2014-0065 Potential buffer overruns of fixed-size buffers.
CVE-2014-0066 Potential null pointer dereference crash when crypt(3)
returns NULL.