Bug 144863 - [patch] databases/postgresql84-server needs to be updated to 8.4.3
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Xin LI
Reported: 2010-03-18 19:50 UTC by Alexander Pyhalov
Modified: 2010-03-25 21:50 UTC

file.diff (2.76 KB, patch)
2010-03-18 19:50 UTC, Alexander Pyhalov

Description Alexander Pyhalov 2010-03-18 19:50:02 UTC
A serious security vulnerability was found in Postgres 8.4.2 (CVE-2010-0442). An ordinary user may crash the server process, and in that way disconnect all current sessions from the server. (A sample incorrectly processed query may be found here: https://bugzilla.redhat.com/show_bug.cgi?id=559259 ).
Postgres should be updated to 8.4.3

Fix: Update to postgresql-8.4.3.

Patch attached with submission follows:
How-To-Repeat: Execute
select substring(B'10101010101010101010101010101010101010101010101',33,-15);    
in one session. Others will be disconnected.
Comment 1 Bruce Cran freebsd_committer 2010-03-18 19:55:01 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-ports-bugs

Ports PR.
Comment 2 Mark Linimon freebsd_committer 2010-03-18 21:59:33 UTC
Responsible Changed
From-To: freebsd-ports-bugs->girgen

Over to maintainer.
Comment 3 Xin LI freebsd_committer 2010-03-25 21:48:01 UTC
State Changed
From-To: open->closed

Committed with ports-security@ hat, thanks for your submission! 

Comment 4 Xin LI freebsd_committer 2010-03-25 21:48:01 UTC
Responsible Changed
From-To: girgen->delphij

Take since I have committed the patch.
Comment 5 dfilter service freebsd_committer 2010-03-25 21:48:41 UTC
delphij     2010-03-25 21:47:52 UTC

  FreeBSD ports repository

  Modified files:
    databases/postgresql84-server Makefile distinfo 
  Update to 8.4.3.
  PR:             ports/144863
  Submitted by:   Alexander <alp rsu ru>
  Security:       e050119b-3856-11df-b2b2-002170daae37
  With hat:       ports-security@
  Revision  Changes    Path
  1.200     +1 -2      ports/databases/postgresql84-server/Makefile
  1.76      +3 -3      ports/databases/postgresql84-server/distinfo
  1.26      +3 -0      ports/databases/postgresql84-server/pkg-plist-server