[v2.4] postgresql: multiple security fixes (new versions available: 9.3.3, 9.2.7, 9.1.12)
Multiple security fixes have been done in new version of postgresql: 9.3.3, 9.2.7, 9.1.12 (see http://www.postgresql.org/support/security/).
The package should be upgraded for all curent Alpine Linux branches.
(from redmine: issue id 2728, created on 2014-03-05, closed on 2014-03-13)
- Relations:
- parent #2727 (closed)
- Changesets:
- Revision 1933d0fb by Natanael Copa on 2014-03-05T11:28:19Z:
main/postgresql: security upgrade to 9.1.12 (various CVEs)
fixes #2728
CVE-2014-0060 SET ROLE bypasses lack of ADMIN OPTION.
CVE-2014-0061 Privilege escalation via calls to validator functions.
CVE-2014-0062 Race condition in CREATE INDEX allows for privilege
escalation.
CVE-2014-0063 Potential buffer overruns due to integer overflow in
size calculations.
CVE-2014-0064 Potential buffer overruns in datetime input/output.
CVE-2014-0065 Potential buffer overruns of fixed-size buffers.
CVE-2014-0066 Potential null pointer dereference crash when crypt(3)
returns NULL.