2017-02-11 11:18:53 by Adam Ciarcinski | Files touched by this commit (23) | |
Log message:
The PostgreSQL Global Development Group has released an update to all supported \
versions of our database system, including 9.6.2, 9.5.6, 9.4.11, 9.3.16, and \
9.2.20. This release includes fixes that prevent data corruption issues in index \
builds and in certain write-ahead-log replay situations, which are detailed \
below. It also patches over 75 other bugs reported over the last three months.
|
2016-10-29 21:41:55 by Adam Ciarcinski | Files touched by this commit (20) | |
Log message:
The PostgreSQL Global Development Group has released an update to all supported \
versions of our database system, including 9.6.1, 9.5.5, 9.4.10, 9.3.15, 9.2.19, \
and 9.1.24. This is also the last update for the PostgreSQL 9.1 series as it is \
now end-of-life. This release fixes two issues that can cause data corruption, \
which are described in more detail below. It also patches a number of other bugs \
reported over the last three months. The project urges users to apply this \
update at the next possible downtime.
|
2016-08-23 08:28:16 by Adam Ciarcinski | Files touched by this commit (42) | |
Log message:
The PostgreSQL Global Development Group has released an update to all supported \
versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and \
9.1.23. This release fixes two security issues. It also patches a number of \
other bugs reported over the last three months. Users who rely on security \
isolation between database users should update as soon as possible. Other users \
should plan to update at the next convenient downtime.
Security Issues
---------------
Two security holes have been closed by this release:
CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
CVE-2016-5424: database and role names with embedded special characters can \
allow code injection during administrative operations like pg_dumpall.
The fix for the second issue also adds an option, -reuse-previous, to psql's \
\connect command. pg_dumpall will also refuse to handle database and role names \
containing line breaks after the update. For more information on these issues \
and how they affect backwards-compatibility, see the Release Notes.
Bug Fixes and Improvements
--------------------------
This update also fixes a number of bugs reported in the last few months. Some of \
these issues affect only version 9.5, but many affect all supported versions:
Fix misbehaviors of IS NULL/IS NOT NULL with composite values
Fix three areas where INSERT ... ON CONFLICT failed to work properly with other \
SQL features.
Make INET and CIDR data types properly reject bad IPv6 values
Prevent crash in "point ## lseg" operator for NaN input
Avoid possible crash in pg_get_expr()
Fix several one-byte buffer over-reads in to_number()
Don't needlessly plan query if WITH NO DATA is specified
Avoid crash-unsafe state in expensive heap_update() paths
Fix hint bit update during WAL replay of row locking operations
Avoid unnecessary "could not serialize access" with FOR KEY SHARE
Avoid crash in postgres -C when the specified variable is a null string
Fix two issues with logical decoding and subtransactions
Ensure that backends see up-to-date statistics for shared catalogs
Prevent possible failure when vacuuming multixact IDs in an upgraded database
When a manual ANALYZE specifies columns, don't reset changes_since_analyze
Fix ANALYZE's overestimation of n_distinct for columns with nulls
Fix bug in b-tree mark/restore processing
Fix building of large (bigger than shared_buffers) hash indexes
Prevent infinite loop in GiST index build with NaN values
Fix possible crash during a nearest-neighbor indexscan
Fix "PANIC: failed to add BRIN tuple" error
Prevent possible crash during background worker shutdown
Many fixes for issues in parallel pg_dump and pg_restore
Make pg_basebackup accept -Z 0 as no compression
Make regression tests safe for Danish and Welsh locales
|
2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) |
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
|
2016-05-23 16:27:35 by Adam Ciarcinski | Files touched by this commit (26) |
Log message:
This release fixes a number of issues reported by users over the last two \
months. Most database administrators should plan to upgrade at the next \
available downtime, unless they have been affected directly by the fixed issues.
|
2016-04-09 14:51:50 by Adam Ciarcinski | Files touched by this commit (90) | |
Log message:
The PostgreSQL Global Development Group has released an update to all supported \
versions of our database system, including 9.5.2, 9.4.7, 9.3.12, 9.2.16, and \
9.1.21. This release fixes two security issues and one index corruption issue in \
version 9.5. It also contains a variety of bug fixes for earlier versions. Users \
of PostgreSQL 9.5.0 or 9.5.1 should update as soon as possible.
This release closes security hole CVE-2016-2193, where a query plan might get \
reused for more than one ROLE in the same session. This could cause the wrong \
set of Row Level Security (RLS) policies to be used for the query.
The update also fixes CVE-2016-3065, a server crash bug triggered by using \
pageinspect with BRIN index pages. Since an attacker might be able to expose a \
few bytes of server memory, this crash is being treated as a security issue.
|
2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) |
Log message:
Bump PKGREVISION for security/openssl ABI bump.
|
2016-02-25 12:46:21 by Jonathan Perkin | Files touched by this commit (13) |
Log message:
Use OPSYSVARS.
|
2016-02-25 02:45:21 by Tobias Nygren | Files touched by this commit (1) | |
Log message:
drop PKGREVISION after update
|
2016-02-25 01:41:54 by Tobias Nygren | Files touched by this commit (4) |
Log message:
Update to PostgreSQL 9.2.15 (2016-02-11)
This release fixes two security issues, as well as several bugs found
over the last four months.
CVE-2016-0773 Unicode regular expression buffer overflow
CVE-2016-0766 PL/Java privilege escalation
|