Next | Query returned 32 messages, browsing 11 to 20 | Previous

History of commit frequency

CVS Commit History:


   2017-08-13 21:25:18 by Adam Ciarcinski | Files touched by this commit (23) | Package updated
Log message:
The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 9.6.4, 9.5.8, 9.4.13, 9.3.18, and \ 
9.2.22. This release fixes three security issues. It also patches over 50 other \ 
bugs reported over the last three months. Users who are affected by the below \ 
security issues should update as soon as possible. Users affected by \ 
CVE-2017-7547 will need to perform additional steps after upgrading to resolve \ 
the issue. Other users should plan to update at the next convenient downtime.

Three security vulnerabilities have been closed by this release:
* CVE-2017-7546: Empty password accepted in some authentication methods
* CVE-2017-7547: The "pg_user_mappings" catalog view discloses \ 
passwords to users lacking server privileges
* CVE-2017-7548: lo_put() function ignores ACLs
   2017-05-12 21:37:55 by Adam Ciarcinski | Files touched by this commit (23) | Package updated
Log message:
The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 9.6.3, 9.5.7, 9.4.12, 9.3.17, and \ 
9.2.21. This release fixes three security issues. It also patches a number of \ 
other bugs reported over the last three months. Users who use the PGREQUIRESSL \ 
environment variable to control connections, and users who rely on security \ 
isolation between database users when using foreign servers, should update as \ 
soon as possible. Other users should plan to update at the next convenient \ 
downtime.
   2017-02-11 11:18:53 by Adam Ciarcinski | Files touched by this commit (23) | Package updated
Log message:
The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 9.6.2, 9.5.6, 9.4.11, 9.3.16, and \ 
9.2.20. This release includes fixes that prevent data corruption issues in index \ 
builds and in certain write-ahead-log replay situations, which are detailed \ 
below. It also patches over 75 other bugs reported over the last three months.
   2016-10-29 21:41:55 by Adam Ciarcinski | Files touched by this commit (20) | Package updated
Log message:
The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 9.6.1, 9.5.5, 9.4.10, 9.3.15, 9.2.19, \ 
and 9.1.24. This is also the last update for the PostgreSQL 9.1 series as it is \ 
now end-of-life. This release fixes two issues that can cause data corruption, \ 
which are described in more detail below. It also patches a number of other bugs \ 
reported over the last three months. The project urges users to apply this \ 
update at the next possible downtime.
   2016-08-23 08:28:16 by Adam Ciarcinski | Files touched by this commit (42) | Package updated
Log message:
The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and \ 
9.1.23. This release fixes two security issues. It also patches a number of \ 
other bugs reported over the last three months. Users who rely on security \ 
isolation between database users should update as soon as possible. Other users \ 
should plan to update at the next convenient downtime.

Security Issues
---------------
Two security holes have been closed by this release:

CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
CVE-2016-5424: database and role names with embedded special characters can \ 
allow code injection during administrative operations like pg_dumpall.
The fix for the second issue also adds an option, -reuse-previous, to psql's \ 
\connect command. pg_dumpall will also refuse to handle database and role names \ 
containing line breaks after the update. For more information on these issues \ 
and how they affect backwards-compatibility, see the Release Notes.

Bug Fixes and Improvements
--------------------------
This update also fixes a number of bugs reported in the last few months. Some of \ 
these issues affect only version 9.5, but many affect all supported versions:

Fix misbehaviors of IS NULL/IS NOT NULL with composite values
Fix three areas where INSERT ... ON CONFLICT failed to work properly with other \ 
SQL features.
Make INET and CIDR data types properly reject bad IPv6 values
Prevent crash in "point ## lseg" operator for NaN input
Avoid possible crash in pg_get_expr()
Fix several one-byte buffer over-reads in to_number()
Don't needlessly plan query if WITH NO DATA is specified
Avoid crash-unsafe state in expensive heap_update() paths
Fix hint bit update during WAL replay of row locking operations
Avoid unnecessary "could not serialize access" with FOR KEY SHARE
Avoid crash in postgres -C when the specified variable is a null string
Fix two issues with logical decoding and subtransactions
Ensure that backends see up-to-date statistics for shared catalogs
Prevent possible failure when vacuuming multixact IDs in an upgraded database
When a manual ANALYZE specifies columns, don't reset changes_since_analyze
Fix ANALYZE's overestimation of n_distinct for columns with nulls
Fix bug in b-tree mark/restore processing
Fix building of large (bigger than shared_buffers) hash indexes
Prevent infinite loop in GiST index build with NaN values
Fix possible crash during a nearest-neighbor indexscan
Fix "PANIC: failed to add BRIN tuple" error
Prevent possible crash during background worker shutdown
Many fixes for issues in parallel pg_dump and pg_restore
Make pg_basebackup accept -Z 0 as no compression
Make regression tests safe for Danish and Welsh locales
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068)
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2016-05-23 16:27:35 by Adam Ciarcinski | Files touched by this commit (26)
Log message:
This release fixes a number of issues reported by users over the last two \ 
months. Most database administrators should plan to upgrade at the next \ 
available downtime, unless they have been affected directly by the fixed issues.
   2016-04-09 14:51:50 by Adam Ciarcinski | Files touched by this commit (90) | Package updated
Log message:
The PostgreSQL Global Development Group has released an update to all supported \ 
versions of our database system, including 9.5.2, 9.4.7, 9.3.12, 9.2.16, and \ 
9.1.21. This release fixes two security issues and one index corruption issue in \ 
version 9.5. It also contains a variety of bug fixes for earlier versions. Users \ 
of PostgreSQL 9.5.0 or 9.5.1 should update as soon as possible.

This release closes security hole CVE-2016-2193, where a query plan might get \ 
reused for more than one ROLE in the same session. This could cause the wrong \ 
set of Row Level Security (RLS) policies to be used for the query.

The update also fixes CVE-2016-3065, a server crash bug triggered by using \ 
pageinspect with BRIN index pages. Since an attacker might be able to expose a \ 
few bytes of server memory, this crash is being treated as a security issue.
   2016-02-25 01:06:30 by Tobias Nygren | Files touched by this commit (4)
Log message:
Update to PostgreSQL 9.3.11 (2016-02-11)

This release fixes two security issues, as well as several bugs found
over the last four months.

CVE-2016-0773 Unicode regular expression buffer overflow
CVE-2016-0766 PL/Java privilege escalation
   2015-10-10 14:26:10 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
Changes 9.3.10:
Two security issues have been fixed in this release which affect users of \ 
specific PostgreSQL features:

CVE-2015-5289: json or jsonb input values constructed from arbitrary user input \ 
can crash the PostgreSQL server and cause a denial of service.

CVE-2015-5288: The crypt() function included with the optional pgCrypto \ 
extension could be exploited to read a few additional bytes of memory. No \ 
working exploit for this issue has been developed.

Next | Query returned 32 messages, browsing 11 to 20 | Previous