Bug 73142 - security: new upstream postgresql
Summary: security: new upstream postgresql
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Ade Lovett
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-10-26 02:10 UTC by mhjacks
Modified: 2004-11-05 19:23 UTC

Description mhjacks 2004-10-26 02:10:33 UTC
http://www.postgresql.org/news/234.html

In order to address a recent security report from iDefence, we have released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6.

Although rated only a Medium risk, according to their web site: "A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files."

Also in these releases is a potential 'data loss' bug that was recently identified:

* Repair possible failure to update hint bits on disk
Under rare circumstances this oversight could lead to "could not access transaction status" failures, which qualifies it as a potential-data-loss bug.

Fix: Upgrade to new version(s)

How-To-Repeat: See security advisory
Comment 1 Ade Lovett freebsd_committer freebsd_triage 2004-10-26 03:07:24 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ade

I'm currently doing a bunch of postgresql-related work, so I'll work on this one.
Comment 2 Ade Lovett freebsd_committer freebsd_triage 2004-11-05 19:23:34 UTC
State Changed
From-To: open->closed

Updated after consultation with maintainer. Thanks for the heads-up.