This bug was fixed in the package postgresql-8.4 - 8.4.22-0ubuntu0.10.04
---------------
postgresql-8.4 (8.4.22-0ubuntu0.10.04) lucid-proposed; urgency=medium
* New upstream bug fix release: (LP: #1348176)
- Various data integrity and other bug fixes.
- Secure Unix-domain sockets of temporary postmasters started during make
check.
Any local user able to access the socket file could connect as the
server's bootstrap superuser, then proceed to execute arbitrary code as
the operating-system user running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by placing the
server's socket in a temporary, mode 0700 subdirectory of /tmp.
- See release notes for details:
http://www.postgresql.org/docs/current/static/release-8-4-22.html
* Drop pg_regress patch to run tests with socket in /tmp, obsolete with
above upstream changes and not applicable any more.
* Add debian/postgresql-8.4.NEWS to point out that upstream support ends
now.
-- Martin Pitt <[email protected]> Thu, 24 Jul 2014 18:17:34 +0200
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1348176
Title:
New upstream microreleases 9.3.5, 9.1.14, 8.4.22
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-8.4/+bug/1348176/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
