CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2013/04/04 08:59:39
Modified files:
databases/postgresql: Tag: OPENBSD_5_2 Makefile distinfo
databases/postgresql/pkg: Tag: OPENBSD_5_2 PLIST-docs
Log message:
Critical SECURITY update to PostgreSQL in 5.2-stable, fixing CVE-2013-1899,
CVE-2013-1900 and CVE-2013-1901.
"A major security issue fixed in this release, CVE-2013-1899, makes
it possible for a connection request containing a database name that
begins with "-" to be crafted that can damage or destroy files within a
server's data directory. Anyone with access to the port the PostgreSQL
server listens on can initiate this request. This issue was discovered
by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software
Center." http://www.postgresql.org/about/news/1456/
A dump/restore is not required for those running 9.1.X.
However, this release corrects several errors in management of GiST
indexes. After installing this update, it is advisable to REINDEX
any GiST indexes that meet one or more of the conditions described
below.
Also, if you are upgrading from a version earlier than 9.1.6, see
the release notes for 9.1.6.
