Hello community,

here is the log from the commit of package postgresql92 for openSUSE:Factory checked in at 2013-04-17 23:16:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postgresql92 (Old)
 and /work/SRC/openSUSE:Factory/.postgresql92.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postgresql92", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/postgresql92/postgresql92-libs.changes 2013-03-08 09:39:04.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.postgresql92.new/postgresql92-libs.changes 2013-04-17 23:16:05.000000000 +0200 @@ -1,0 +2,24 @@ +Tue Apr 2 13:35:37 UTC 2013 - [email protected] + +- Updated to version 9.2.4 (bnc#812525): + * CVE-2013-1899: Fix insecure parsing of server command-line + switches. A connection request containing a database name that + begins with "-" could be crafted to damage or destroy files + within the server's data directory, even if the request is + eventually rejected. + * CVE-2013-1900: Reset OpenSSL randomness state in each + postmaster child process. This avoids a scenario wherein + random numbers generated by "contrib/pgcrypto" functions might + be relatively easy for another database user to guess. The + risk is only significant when the postmaster is configured + with ssl = on but most connections don't use SSL encryption. + * CVE-2013-1901: Make REPLICATION privilege checks test current + user not authenticated user. An unprivileged database user + could exploit this mistake to call pg_start_backup() or + pg_stop_backup(), thus possibly interfering with creation of + routine backups. + * See the release notes for the rest of the changes: + http://www.postgresql.org/docs/9.2/static/release-9-2-4.html + /usr/share/doc/packages/postgresql92/HISTORY + +------------------------------------------------------------------- postgresql92.changes: same change Old: ---- postgresql-9.2.3.tar.bz2 New: ---- postgresql-9.2.4.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postgresql92-libs.spec ++++++ --- /var/tmp/diff_new_pack.USWTLi/_old 2013-04-17 23:16:09.000000000 +0200 +++ /var/tmp/diff_new_pack.USWTLi/_new 2013-04-17 23:16:09.000000000 +0200 
@@ -66,7 +66,7 @@ Summary: Basic Clients and Utilities for PostgreSQL License: PostgreSQL Group: Productivity/Databases/Tools -Version: 9.2.3 +Version: 9.2.4 Release: 0 %define pg_minor_version %(echo %version | sed -r 's/^([0-9]+\\.[0-9]+).*/\\1/') Source0: postgresql-%version.tar.bz2 postgresql92.spec: same change ++++++ postgresql-9.2.3.tar.bz2 -> postgresql-9.2.4.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/postgresql92/postgresql-9.2.3.tar.bz2 /work/SRC/openSUSE:Factory/.postgresql92.new/postgresql-9.2.4.tar.bz2 differ: char 11, line 1
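Review bot: the headline of the new postgresql92-libs.changes entry, "- Updated to version 9.2.4 (bnc#812525):", does not say that this is a security update, although the first three bullets under it are CVE fixes and the CVE-2013-1899 bullet describes damage to files in the data directory from a connection request that is "eventually rejected". Suggest wording the headline as a security update to 9.2.4 so the entry stands out to anyone scanning the changelog for fixes that need prompt rollout. The single bnc#812525 reference covers all three CVEs; if separate bug numbers exist per CVE, list them next to each bullet.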
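Review bot: at the Source0 line of the postgresql92-libs.spec hunk, the visible context lists only "Source0: postgresql-%version.tar.bz2" with no checksum or signature source beside it, and the tarball swap itself appears only as "differ: char 11, line 1". Nothing in the visible change lets a reviewer confirm that postgresql-9.2.4.tar.bz2 is the upstream release. Consider shipping the upstream checksum or signature file as an additional source, or recording the checksum in the changes entry, so the new tarball can be verified at review and build time.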
