Fix Windows shell argument quoting. The incorrect quoting may have permitted arbitrary command execution. At a minimum, it gave broader control over the command line to actors supposed to have control over a single argument. Back-patch to 9.1 (all supported versions).
Security: CVE-2016-5424 Branch ------ REL9_3_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/395d565ac76b6fe5a9a97fb5e87e0d0842ba9824 Modified Files -------------- src/bin/pg_dump/pg_dumpall.c | 52 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 47 insertions(+), 5 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
