Subject: CVS commit: pkgsrc/databases
From: Adam Ciarcinski
Date: 2015-10-11 12:59:20
Message id: 20151011105920.D9FEA98@cvs.netbsd.org

Log Message:
Changes 9.2.14:
Two security issues have been fixed in this release which affect users of \ 
specific PostgreSQL features:

CVE-2015-5289: json or jsonb input values constructed from arbitrary user input \ 
can crash the PostgreSQL server and cause a denial of service.

CVE-2015-5288: The crypt() function included with the optional pgCrypto \ 
extension could be exploited to read a few additional bytes of memory. No \ 
working exploit for this issue has been developed.

Files:
RevisionActionfile
1.18modifypkgsrc/databases/postgresql92/Makefile.common
1.15modifypkgsrc/databases/postgresql92/distinfo
1.14modifypkgsrc/databases/postgresql92-docs/PLIST
1.8modifypkgsrc/databases/postgresql92-server/PLIST