ports/73142: security: new upstream postgresql

Martin Jackson mhjacks at swbell.net
Tue Oct 26 01:11:08 UTC 2004

>Number:         73142
>Category:       ports
>Synopsis:       security: new upstream postgresql
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 26 01:10:33 GMT 2004
>Originator:     Martin Jackson
>Release:        5.3-BETA7
Not relevant

In order to address a recent security report from iDefence, we have released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6

Although rated only a Medium risk, according to their web site: "A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files."

Also in these releases is a potential 'data loss' bug that was recently identified:

* Repair possible failure to update hint bits on disk
Under rare circumstances this oversight could lead to "could not access transaction status" failures, which qualifies it as a potential-data-loss bug.

      See security advisory
      Upgrade to new version(s)

More information about the freebsd-ports-bugs mailing list