Date: Fri, 9 Oct 2015 19:18:55 +0000
From: Jason Unovitch <jason.unovitch@gmail.com>
To: Palle Girgensohn <girgen@FreeBSD.org>
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r398895 - in head/databases: postgresql90-client postgresql90-server postgresql91-client postgresql91-docs postgresql91-pltcl postgresql91-server postgresql92-client postgresql92-contri...
Message-ID: <20151009191855.GB83352@xts-bsd.pa-us.unovitch.com>
In-Reply-To: <201510082125.t98LP1bJ014049@repo.freebsd.org>
References: <201510082125.t98LP1bJ014049@repo.freebsd.org>
On Thu, Oct 08, 2015 at 09:25:01PM +0000, Palle Girgensohn wrote:
> Author: girgen
> Date: Thu Oct 8 21:25:01 2015
> New Revision: 398895
> URL: https://svnweb.freebsd.org/changeset/ports/398895
>
> Log:
> Update PostgreSQL port to latest version.
>
> Two security issues have been fixed in this release which affect users
> of specific PostgreSQL features:
>
> CVE-2015-5289: json or jsonb input values constructed from arbitrary
> user input can crash the PostgreSQL server and cause a denial of
> service.
>
> CVE-2015-5288: The crypt( function included with the optional pgCrypto
> extension could be exploited to read a few additional bytes of memory.
> No working exploit for this issue has been developed.
>
> This update will also disable SSL renegotiation by default;
> previously, it was enabled by default. SSL renegotiation will be
> removed entirely in PostgreSQL versions 9.5 and later.
>
> URL: http://www.postgresql.org/about/news/1615/
> Security: CVE-2015-5288 CVE-2015-5289
>

Palle,

The commit message was missing 'MFH: 2015Q4'. Can you ensure this gets taken care of in the quarterly branch?

Just in case, a helpful reminder from the committer's guide:
https://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/ports.html#ports-qa-misc-request-mfh