cvs commit: ports/databases/postgresql73-server Makefile distinfo
ports/databases/postgresql74-server Makefile distinfo
ports/databases/postgresql80-server Makefile distinfo
pkg-plist-server ports/databases/postgresql81-server Makefile ...
Palle Girgensohn
girgen at FreeBSD.org
Mon Apr 23 16:10:54 UTC 2007
girgen 2007-04-23 16:10:54 UTC
FreeBSD ports repository
Modified files:
databases/postgresql73-server Makefile distinfo
databases/postgresql74-server Makefile distinfo
databases/postgresql80-server Makefile distinfo
pkg-plist-server
databases/postgresql81-server Makefile distinfo
pkg-plist-server
databases/postgresql82-server Makefile distinfo
pkg-plist-server
Log:
Update PostgreSQL to 7.3.19, 7.4.17, 8.0.13, 8.1.9 and 8.2.4 respectively:
The PostgreSQL Global Development Group has released updated versions
for PostgreSQL 8.2 and all back versions to patch a privilege
escalation exploit in SECURITY DEFINER functions. All users of this
feature are urged to update to the latest minor version and follow
instructions on securing these functions as soon as possible. This
minor release also contains other fixes, so all users should plan to
deploy it.
Once you have updated, additional steps are required to secure your
database against the exploit. Please read the release notes at
http://www.postgresql.org/docs/8.2/static/release.html and the
TechDocs article at http://www.postgresql.org/docs/techdocs.77 on how
to lock down your security definer functions, if you use them.
As always, application of a minor release does not require a dump and
reload of the database.
The frequency of security fixes recently is a result of increased
scrutiny of the PostgreSQL code by government agencies and
security-conscious companies. Rapid turnaround on security patches
is key to keeping PostgreSQL the most secure SQL database. Your work
and vigilance in applying the latest security updates ensures that
there will never be a PostgreSQL "worm".
http://www.postgresql.org/docs/8.2/static/release-8-2-4.html
http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-9
http://www.postgresql.org/docs/8.0/static/release.html#RELEASE-8-0-13
http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-17
http://www.postgresql.org/docs/techdocs.77
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138
Revision Changes Path
1.148 +1 -1 ports/databases/postgresql73-server/Makefile
1.47 +12 -12 ports/databases/postgresql73-server/distinfo
1.150 +16 -4 ports/databases/postgresql74-server/Makefile
1.47 +12 -12 ports/databases/postgresql74-server/distinfo
1.164 +1 -1 ports/databases/postgresql80-server/Makefile
1.57 +12 -12 ports/databases/postgresql80-server/distinfo
1.9 +463 -457 ports/databases/postgresql80-server/pkg-plist-server
1.165 +1 -1 ports/databases/postgresql81-server/Makefile
1.55 +12 -12 ports/databases/postgresql81-server/distinfo
1.9 +6 -0 ports/databases/postgresql81-server/pkg-plist-server
1.168 +1 -1 ports/databases/postgresql82-server/Makefile
1.55 +12 -12 ports/databases/postgresql82-server/distinfo
1.9 +6 -0 ports/databases/postgresql82-server/pkg-plist-server
More information about the cvs-all
mailing list