Navigation:
Browse pkgsrc
(this page)Log Message: The PostgreSQL Global Development Group has released a security update to all \ current versions of the PostgreSQL database system, including versions 9.2.3, \ 9.1.8, 9.0.12, 8.4.16, and 8.3.23. This update fixes a denial-of-service (DOS) \ vulnerability. All users should update their PostgreSQL installations as soon as \ possible. The security issue fixed in this release, CVE-2013-0255, allows a previously \ authenticated user to crash the server by calling an internal function with \ invalid arguments. This issue was discovered by independent security researcher \ Sumit Soni this week and reported via Secunia SVCRP, and we are grateful for \ their efforts in making PostgreSQL more secure. Today's update also fixes a performance regression which caused a decrease in \ throughput when using dynamic queries in stored procedures in version 9.2. \ Applications which use PL/pgSQL's EXECUTE are strongly affected by this \ regression and should be updated. Additionally, we have fixed intermittent \ crashes caused by CREATE/DROP INDEX CONCURRENTLY, and multiple minor issues with \ replication. This release is expected to be the final update for version 8.3, which is now \ End-of-Life (EOL). Users of version 8.3 should plan to upgrade to a later \ version of PostgreSQL immediately. For more information, see our Versioning \ Policy. This update release also contains fixes for many minor issues discovered and \ patched by the PostgreSQL community in the last two months, including: * Prevent unnecessary table scans during vacuuming * Prevent spurious cached plan error in PL/pgSQL * Allow sub-SELECTs to be subscripted * Prevent DROP OWNED from dropping databases or tablespaces * Make ECPG use translated messages * Allow PL/Python to use multi-table trigger functions (again) in 9.1 and 9.2 * Fix several activity log management issues on Windows * Prevent autovacuum file truncation from being cancelled by deadlock_timeout * Make extensions build with the .exe suffix automatically on Windows * Fix concurrency issues with CREATE/DROP DATABASE * Reject out-of-range values in to_date() conversion function * Revert cost estimation for large indexes back to pre-9.2 behavior * Make pg_basebackup tolerate timeline switches * Cleanup leftover temp table entries during crash recovery * Prevent infinite loop when COPY inserts a large tuple into a table with a \ large fillfactor * Prevent integer overflow in dynahash creation * Make pg_upgrade work with INVALID indexes * Fix bugs in TYPE privileges * Allow Contrib installchecks to run in their own databases * Many documentation updates * Add new timezone "FET".
New packages: