[v2.6] postgresql: multiple security fixes (new versions available: 9.3.3, 9.2.7, 9.1.12)
Multiple security fixes have been done in new version of postgresql: 9.3.3, 9.2.7, 9.1.12 (see http://www.postgresql.org/support/security/).
The package should be upgraded for all curent Alpine Linux branches.
(from redmine: issue id 2731, created on 2014-03-05, closed on 2014-03-13)
- Relations:
- parent #2727 (closed)
- Changesets:
- Revision e2979b6d by Natanael Copa on 2014-03-05T11:23:00Z:
main/postgresql: security upgrade to 9.2.7 (various CVEs)
fixes #2731
CVE-2014-0060 SET ROLE bypasses lack of ADMIN OPTION.
CVE-2014-0061 Privilege escalation via calls to validator functions.
CVE-2014-0062 Race condition in CREATE INDEX allows for privilege
escalation.
CVE-2014-0063 Potential buffer overruns due to integer overflow in
size calculations.
CVE-2014-0064 Potential buffer overruns in datetime input/output.
CVE-2014-0065 Potential buffer overruns of fixed-size buffers.
CVE-2014-0066 Potential null pointer dereference crash when crypt(3)
returns NULL.