http://www.postgresql.org/news/234.html In order to address a recent security report from iDefence, we have released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6 Although rated only a Medium risk, according to their web site: "A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files." Also in these releases is a potential 'data loss' bug that was recently identified: * Repair possible failure to update hint bits on disk Under rare circumstances this oversight could lead to "could not access transaction status" failures, which qualifies it as a potential-data-loss bug. Fix: Upgrade to new version(s) How-To-Repeat: See security advisory
Responsible Changed From-To: freebsd-ports-bugs->ade I'm currently doing a bunch of postgresql-related work, so I'll work on this one.
State Changed From-To: open->closed Updated after consultation with maintainer. Thanks for the heads-up.