svn commit: r398895 - in head/databases: postgresql90-client postgresql90-server postgresql91-client postgresql91-docs postgresql91-pltcl postgresql91-server postgresql92-client postgresql92-contri...
Jason Unovitch
jason.unovitch at gmail.com
Fri Oct 9 19:19:05 UTC 2015
On Thu, Oct 08, 2015 at 09:25:01PM +0000, Palle Girgensohn wrote:
> Author: girgen
> Date: Thu Oct 8 21:25:01 2015
> New Revision: 398895
> URL: https://svnweb.freebsd.org/changeset/ports/398895
>
> Log:
> Update PostgreSQL port to latest version.
>
> Two security issues have been fixed in this release which affect users
> of specific PostgreSQL features:
>
> CVE-2015-5289: json or jsonb input values constructed from arbitrary
> user input can crash the PostgreSQL server and cause a denial of
> service.
>
> CVE-2015-5288: The crypt( function included with the optional pgCrypto
> extension could be exploited to read a few additional bytes of memory.
> No working exploit for this issue has been developed.
>
> This update will also disable SSL renegotiation by default;
> previously, it was enabled by default. SSL renegotiation will be
> removed entirely in PostgreSQL versions 9.5 and later.
>
> URL: http://www.postgresql.org/about/news/1615/
> Security: CVE-2015-5288 CVE-2015-5289
>
Palle,
The commit message was missing 'MFH: 2015Q4'. Can you ensure this gets
taken care of in the quarterly branch?
Just in case, a helpful reminder from the commmitter's guide:
https://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/ports.html#ports-qa-misc-request-mfh
More information about the svn-ports-head
mailing list