Path to this page:
Subject: CVS commit: pkgsrc/databases
From: Adam Ciarcinski
Date: 2015-10-11 12:59:20
Message id: 20151011105920.D9FEA98@cvs.netbsd.org
Log Message:
Changes 9.2.14:
Two security issues have been fixed in this release which affect users of \
specific PostgreSQL features:
CVE-2015-5289: json or jsonb input values constructed from arbitrary user input \
can crash the PostgreSQL server and cause a denial of service.
CVE-2015-5288: The crypt() function included with the optional pgCrypto \
extension could be exploited to read a few additional bytes of memory. No \
working exploit for this issue has been developed.
Files: