Cherry-pick security-relevant fixes from upstream imath library. This covers alterations to buffer sizing and zeroing made between imath 1.3 and imath 1.20. Valgrind Memcheck identified the buffer overruns and reliance on uninitialized data; their exploit potential is unknown. Builds specifying --with-openssl are unaffected, because they use the OpenSSL BIGNUM facility instead of imath. Back-patch to 9.0 (all supported versions).
Security: CVE-2015-0243 Branch ------ REL9_0_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/0a3ee8a5f845d0b7ad0ad9efa0ff08f221404c4d Modified Files -------------- contrib/pgcrypto/imath.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
