Path to this page:
Subject: CVS commit: [pkgsrc-2017Q2] pkgsrc/databases
From: S.P.Zeidler
Date: 2017-09-13 08:23:56
Message id: 20170913062356.4855AFA98@cvs.NetBSD.org
Log Message:
Pullup ticket #5540 - requested by taca
databases/postgresql95: security update
databases/postgresql95-client: security update
databases/postgresql95-docs: security update
databases/postgresql95-server: security update
Revisions pulled up:
- databases/postgresql95-client/Makefile 1.5
- databases/postgresql95-docs/PLIST 1.8
- databases/postgresql95/Makefile.common 1.10
- databases/postgresql95/distinfo 1.9
- databases/postgresql95/patches/patch-src_pl_plperl_plperl.h 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Sun Aug 13 19:25:18 UTC 2017
Modified Files:
pkgsrc/databases/postgresql92: Makefile.common distinfo
pkgsrc/databases/postgresql92-docs: PLIST
pkgsrc/databases/postgresql92/patches: patch-src_pl_plperl_plperl.h
pkgsrc/databases/postgresql93: Makefile.common distinfo
pkgsrc/databases/postgresql93-docs: PLIST
pkgsrc/databases/postgresql93/patches: patch-src_pl_plperl_plperl.h
pkgsrc/databases/postgresql94: Makefile.common distinfo
pkgsrc/databases/postgresql94-docs: PLIST
pkgsrc/databases/postgresql94/patches: patch-src_pl_plperl_plperl.h
pkgsrc/databases/postgresql95: Makefile.common distinfo
pkgsrc/databases/postgresql95-client: Makefile
pkgsrc/databases/postgresql95-docs: PLIST
pkgsrc/databases/postgresql95/patches: patch-src_pl_plperl_plperl.h
pkgsrc/databases/postgresql96: Makefile.common distinfo
pkgsrc/databases/postgresql96-client: Makefile PLIST
pkgsrc/databases/postgresql96-docs: PLIST
pkgsrc/databases/postgresql96/patches: patch-src_pl_plperl_plperl.h
Log Message:
The PostgreSQL Global Development Group has released an update to all \
supported versions of our database system, including 9.6.4, 9.5.8, 9.4.13, \
9.3.18, and 9.2.22. This release fixes three security issues. It also patches \
over 50 other bugs reported over the last three months. Users who are affected \
by the below security issues should update as soon as possible. Users affected \
by CVE-2017-7547 will need to perform additional steps after upgrading to \
resolve the issue. Other users should plan to update at the next convenient \
downtime.
Three security vulnerabilities have been closed by this release:
* CVE-2017-7546: Empty password accepted in some authentication methods
* CVE-2017-7547: The "pg_user_mappings" catalog view discloses \
passwords to users lacking server privileges
* CVE-2017-7548: lo_put() function ignores ACLs
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/databases/postgresql95/Makefile.common
cvs rdiff -u -r1.8 -r1.9 pkgsrc/databases/postgresql95/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/databases/postgresql95-client/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/databases/postgresql95-docs/PLIST
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/databases/postgresql95/patches/patch-src_pl_plperl_plperl.h
Files: