cvs commit: ports/databases/postgresql73-server Makefile distinfo ports/databases/postgresql74-server Makefile distinfo ports/databases/postgresql80-server Makefile distinfo pkg-plist-server ports/databases/postgresql81-server Makefile ...

Palle Girgensohn girgen at FreeBSD.org
Mon Apr 23 16:10:54 UTC 2007


girgen      2007-04-23 16:10:54 UTC

  FreeBSD ports repository

  Modified files:
    databases/postgresql73-server Makefile distinfo 
    databases/postgresql74-server Makefile distinfo 
    databases/postgresql80-server Makefile distinfo 
                                  pkg-plist-server 
    databases/postgresql81-server Makefile distinfo 
                                  pkg-plist-server 
    databases/postgresql82-server Makefile distinfo 
                                  pkg-plist-server 
  Log:
  Update PostgreSQL to 7.3.19, 7.4.17, 8.0.13, 8.1.9 and 8.2.4 respectively:
  
   The PostgreSQL Global Development Group has released updated versions
   for PostgreSQL 8.2 and all back versions to patch a privilege
   escalation exploit in SECURITY DEFINER functions.  All users of this
   feature are urged to update to the latest minor version and follow
   instructions on securing these functions as soon as possible.  This
   minor release also contains other fixes, so all users should plan to
   deploy it.
  
   Once you have updated, additional steps are required to secure your
   database against the exploit.  Please read the release notes at
   http://www.postgresql.org/docs/8.2/static/release.html and the
   TechDocs article at http://www.postgresql.org/docs/techdocs.77 on how
   to lock down your security definer functions, if you use them.
  
   As always, application of a minor release does not require a dump and
   reload of the database.
  
   The frequency of security fixes recently is a result of increased
   scrutiny of the PostgreSQL code by government agencies and
   security-conscious companies.  Rapid turnaround on security patches
   is key to keeping PostgreSQL the most secure SQL database.  Your work
   and vigilance in applying the latest security updates ensures that
   there will never be a PostgreSQL "worm".
  
  http://www.postgresql.org/docs/8.2/static/release-8-2-4.html
  http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-9
  http://www.postgresql.org/docs/8.0/static/release.html#RELEASE-8-0-13
  http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-17
  
  http://www.postgresql.org/docs/techdocs.77
  
  Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138
  
  Revision  Changes    Path
  1.148     +1 -1      ports/databases/postgresql73-server/Makefile
  1.47      +12 -12    ports/databases/postgresql73-server/distinfo
  1.150     +16 -4     ports/databases/postgresql74-server/Makefile
  1.47      +12 -12    ports/databases/postgresql74-server/distinfo
  1.164     +1 -1      ports/databases/postgresql80-server/Makefile
  1.57      +12 -12    ports/databases/postgresql80-server/distinfo
  1.9       +463 -457  ports/databases/postgresql80-server/pkg-plist-server
  1.165     +1 -1      ports/databases/postgresql81-server/Makefile
  1.55      +12 -12    ports/databases/postgresql81-server/distinfo
  1.9       +6 -0      ports/databases/postgresql81-server/pkg-plist-server
  1.168     +1 -1      ports/databases/postgresql82-server/Makefile
  1.55      +12 -12    ports/databases/postgresql82-server/distinfo
  1.9       +6 -0      ports/databases/postgresql82-server/pkg-plist-server


More information about the cvs-ports mailing list