Commit
Upgrade PostgreSQL to 9.3.14 to address several CVEs
[9.3.7](https://www.postgresql.org/docs/current/static/release-9-3-7.html):

* CVE-2015-3165: Avoid possible crash when client disconnects just before the authentication timeout expires
* CVE-2015-3166: Improve detection of system-call failures and information disclosure with out-of-memory situations and buffer overflows.
* CVE-2015-3167: uniformly report decryption failures as "Wrong key or corrupt data" to avoid the risk of aiding attackers in recovering keys from other systems

[9.3.10](https://www.postgresql.org/docs/current/static/release-9-3-10.html):

* CVE-2015-5289: Guard against stack overflows in json parsing
* CVE-2015-5288: Fix contrib/pgcrypto to detect and report too-short crypt() salts

[9.3.11](https://www.postgresql.org/docs/current/static/release-9-3-11.html):

* CVE-2016-0773: Very large character ranges in bracket expressions could cause infinite loops in some cases, and memory overwrites in other cases.
* CVE-2007-4772: A more complete fix for an old fix to regex compiler handling loops.
* CVE-2016-0766: Mitigate a PL/Java bug.

[9.3.14](https://www.postgresql.org/docs/current/static/release-9-3-14.html):

* CVE-2016-5423: possible mis-evaluation of nested CASE-WHEN expressions
* CVE-2016-5424: Fix client programs' handling of special characters in database and role names.
  ... considered security fixes because crafted object names containing special characters could have been used to execute commands with superuser privileges the next time a superuser executes pg_dumpall or other routine maintenance operations.

Signed-off-by: Robb Kidd <[email protected]>