Upgrade PostgreSQL to 9.3.14 #1427
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[9.3.7](https://www.postgresql.org/docs/current/static/release-9-3-7.html): * CVE-2015-3165: Avoid possible crash when client disconnects just before the authentication timeout expires * CVE-2015-3166: Improve detection of system-call failures and information disclosure with out-of-memory situations and buffer overflows. * CVE-2015-3167: uniformly report decryption failures as "Wrong key or corrupt data" to avoid the risk of aiding attackers in recovering keys from other systems [9.3.10](https://www.postgresql.org/docs/current/static/release-9-3-10.html): * CVE-2015-5289: Guard against stack overflows in json parsing * CVE-2015-5288: Fix contrib/pgcrypto to detect and report too-short crypt() salts [9.3.11](https://www.postgresql.org/docs/current/static/release-9-3-11.html): * CVE-2016-0773: Very large character ranges in bracket expressions could cause infinite loops in some cases, and memory overwrites in other cases. * CVE-2007-4772: A more complete fix for an old fix to regex compiler handling loops. * CVE-2016-0766: Mitigate a PL/Java bug. [9.3.14](https://www.postgresql.org/docs/current/static/release-9-3-14.html): * CVE-2016-5423: possible mis-evaluation of nested CASE-WHEN expressions * CVE-2016-5424: Fix client programs' handling of special characters in database and role names. ... considered security fixes because crafted object names containing special characters could have been used to execute commands with superuser privileges the next time a superuser executes pg_dumpall or other routine maintenance operations. Signed-off-by: Robb Kidd <[email protected]>
robbkidd
force-pushed
the
robb/upgrade-pg-9-3-14
branch
from
c92737c to
ac31676
Compare
|
👍 Tested a couple permutations of upgrading Supermarket 2.3.8 and 2.3.15 to a build of this branch. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
9.3.7:
before the authentication timeout expires
information disclosure with out-of-memory situations and buffer
overflows.
corrupt data" to avoid the risk of aiding attackers in recovering keys
from other systems
9.3.10:
crypt() salts
9.3.11:
could cause infinite loops in some cases, and memory overwrites in
other cases.
handling loops.
9.3.14:
database and role names. ... considered security fixes because crafted
object names containing special characters could have been used to
execute commands with superuser privileges the next time a superuser
executes pg_dumpall or other routine maintenance operations.