Bug 154436 - databases/postgresql90-server needs updating (CVE-2010-4015)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Palle Girgensohn
Reported: 2011-02-01 12:50 UTC by Alexander Pyhalov
Modified: 2011-02-01 14:50 UTC (History)

Attachments
file.diff (1.12 KB, patch)
2011-02-01 12:50 UTC, Alexander Pyhalov

Description Alexander Pyhalov 2011-02-01 12:50:07 UTC
There is a new version of PostgreSQL server. One minor security issue is resolved. There are also some fixes, not related to security.

Fix: Patch attached with submission follows:
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2011-02-01 13:01:37 UTC
Responsible Changed
From-To: freebsd-bugs->girgen

Make this a ports PR and assign.
Comment 2 dfilter service freebsd_committer freebsd_triage 2011-02-01 14:48:22 UTC
girgen      2011-02-01 14:48:17 UTC

  FreeBSD ports repository

  Modified files:
    databases/postgresql82-server Makefile distinfo 
    databases/postgresql83-server Makefile distinfo 
    databases/postgresql84-server Makefile distinfo 
    databases/postgresql90-server Makefile distinfo 
  Log:
  Update to versions 9.0.3, 8.4.7, 8.3.14 and 8.2.20.
  
  This update includes a security fix which prevents a buffer overrun in
  the contrib module intarray's input function for the query_int type.
  This bug is a security risk since the function's return address could
  be overwritten by malicious code.
  
  All supported versions of PostgreSQL are impacted. However, the
  affected contrib module is optional. Only users who have installed the
  intarray module in their database are affected. See the CVE Advisory
  at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015
  
  This release includes 63 bugfixes, including:
  
  - Avoid unexpected conversion overflow in planner for distant date values
  - Fix assignment to an array slice that is before the existing range
  of subscripts
  - Fix pg_restore to do the right thing when escaping large objects
  - Avoid failures when EXPLAIN tries to display a simple-form CASE expression
  - Improved build support for Windows version
  - Fix bug in contrib/seg's GiST picksplit algorithm which caused
  performance degradation
  
  The 9.0.3 update also contains several fixes for issues with features
  introduced or changed in version 9.0:
  
  - Ensure all the received WAL is fsync'd to disk before exiting walreceiver
  - Improve performance of walreceiver by avoiding excess fsync activity
  - Make ALTER TABLE revalidate uniqueness and exclusion constraints when needed
  - Fix EvalPlanQual for UPDATE of an inheritance tree when the tables
  are not all alike
  
  PR:             ports/154436
  Security:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015
  Feature safe:   yes
  Approved by:    portmgr
  
  Revision  Changes    Path
  1.196     +1 -1      ports/databases/postgresql82-server/Makefile
  1.68      +2 -2      ports/databases/postgresql82-server/distinfo
  1.209     +1 -1      ports/databases/postgresql83-server/Makefile
  1.77      +2 -2      ports/databases/postgresql83-server/distinfo
  1.220     +1 -1      ports/databases/postgresql84-server/Makefile
  1.80      +2 -2      ports/databases/postgresql84-server/distinfo
  1.214     +1 -1      ports/databases/postgresql90-server/Makefile
  1.80      +2 -2      ports/databases/postgresql90-server/distinfo
Comment 3 Palle Girgensohn freebsd_committer freebsd_triage 2011-02-01 14:48:38 UTC
State Changed
From-To: open->closed

Committed. Thanks!
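
The commit log in Comment 2 names the fixed release for each branch and says only databases with the intarray module installed are affected; the following triage check combines both conditions. It is an added example, not part of this PR or of the FreeBSD or PostgreSQL projects' code. Assumptions: the names `FIXED_PATCH`, `INTARRAY_CHECK_SQL`, `parse_version` and `assess` are hypothetical, intarray is detected through the presence of the `query_int` type in `pg_type`, and the sample inventory is constructed.

```python
import re

# Fixed release per branch, taken from the commit log in Comment 2.
FIXED_PATCH = {(9, 0): 3, (8, 4): 7, (8, 3): 14, (8, 2): 20}

# Assumption: intarray is detected through the query_int type that its install
# script creates; the operator runs this in every database of the cluster.
INTARRAY_CHECK_SQL = "SELECT count(*) FROM pg_type WHERE typname = 'query_int';"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from a version() string or a package name."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(version_text, query_int_count):
    """Classify one database from its version and the INTARRAY_CHECK_SQL count."""
    major, minor, patch = parse_version(version_text)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "unknown-branch"        # not one of the four branches in the commit
    if patch >= fixed:
        return "patched"
    if query_int_count > 0:
        return "vulnerable"            # pre-fix server and intarray is installed
    return "outdated-not-exposed"      # pre-fix server, intarray absent here


if __name__ == "__main__":
    # Constructed sample inventory: (database, version string, query_int count).
    samples = [
        ("billing", "PostgreSQL 9.0.2 on amd64-portbld-freebsd8.1", 1),
        ("wiki", "PostgreSQL 8.3.13 on i386-portbld-freebsd7.3", 0),
        ("search", "PostgreSQL 8.4.7 on amd64-portbld-freebsd8.1", 1),
    ]
    for name, version_text, count in samples:
        print(f"{name}: {assess(version_text, count)}")
```

A result of `outdated-not-exposed` still calls for the upgrade, since the module can be installed into a database later.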