Fix Windows shell argument quoting. The incorrect quoting may have permitted arbitrary command execution. At a minimum, it gave broader control over the command line to actors supposed to have control over a single argument. Back-patch to 9.1 (all supported versions).
Security: CVE-2016-5424 Branch ------ REL9_2_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/4837155292f67f10576f3d7204ffd5379bbe3a7b Modified Files -------------- src/bin/pg_dump/pg_dumpall.c | 52 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 47 insertions(+), 5 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
