2016-05-23 16:27:35 by Adam Ciarcinski | Files touched by this commit (26) |
Log message:
This release fixes a number of issues reported by users over the last two \
months. Most database administrators should plan to upgrade at the next \
available downtime, unless they have been affected directly by the fixed issues.
|
2016-04-09 14:51:50 by Adam Ciarcinski | Files touched by this commit (90) | |
Log message:
The PostgreSQL Global Development Group has released an update to all supported \
versions of our database system, including 9.5.2, 9.4.7, 9.3.12, 9.2.16, and \
9.1.21. This release fixes two security issues and one index corruption issue in \
version 9.5. It also contains a variety of bug fixes for earlier versions. Users \
of PostgreSQL 9.5.0 or 9.5.1 should update as soon as possible.
This release closes security hole CVE-2016-2193, where a query plan might get \
reused for more than one ROLE in the same session. This could cause the wrong \
set of Row Level Security (RLS) policies to be used for the query.
The update also fixes CVE-2016-3065, a server crash bug triggered by using \
pageinspect with BRIN index pages. Since an attacker might be able to expose a \
few bytes of server memory, this crash is being treated as a security issue.
|
2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) |
Log message:
Bump PKGREVISION for security/openssl ABI bump.
|
2016-02-25 12:46:21 by Jonathan Perkin | Files touched by this commit (13) |
Log message:
Use OPSYSVARS.
|
2016-02-25 02:46:57 by Tobias Nygren | Files touched by this commit (1) | |
Log message:
drop PKGREVISION after update
|
2016-02-25 02:38:56 by Tobias Nygren | Files touched by this commit (4) |
Log message:
Update to PostgreSQL 9.4.6 (2016-02-11)
Heads up: For upgrading past 9.4.5, users of jsonb_path_ops GIN indexes
should perform a REINDEX, because of a hash calculation fix.
This release fixes two security issues, as well as several bugs found
over the last four months.
CVE-2016-0773 Unicode regular expression buffer overflow
CVE-2016-0766 PL/Java privilege escalation
|
2015-11-03 02:56:36 by Alistair G. Crooks | Files touched by this commit (368) |
Log message:
Add SHA512 digests for distfiles for databases category
Problems found with existing distfiles:
distfiles/D6.data.ros.gz
distfiles/cstore0.2.tar.gz
distfiles/data4.tar.gz
distfiles/sphinx-2.2.7-release.tar.gz
No changes made to the cstore or mariadb55-client distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
2015-10-10 12:22:20 by Adam Ciarcinski | Files touched by this commit (5) |
Log message:
Changes 9.4.5:
Two security issues have been fixed in this release which affect users of \
specific PostgreSQL features:
CVE-2015-5289: json or jsonb input values constructed from arbitrary user input \
can crash the PostgreSQL server and cause a denial of service.
CVE-2015-5288: The crypt() function included with the optional pgCrypto \
extension could be exploited to read a few additional bytes of memory. No \
working exploit for this issue has been developed.
|
2015-06-18 16:46:14 by Adam Ciarcinski | Files touched by this commit (25) | |
Log message:
Changes:
This release primarily fixes issues not successfully fixed in prior releases. It \
should be applied as soon as possible all users of major versions 9.3 and 9.4. \
Other users should apply at the next available downtime.
Crash Recovery Fixes:
Earlier update releases attempted to fix an issue in PostgreSQL 9.3 and 9.4 with \
"multixact wraparound", but failed to account for issues doing \
multixact cleanup during crash recovery. This could cause servers to be unable \
to restart after a crash. As such, all users of 9.3 and 9.4 should apply this \
update as soon as possible.
|
2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152) |
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
|