Date: Tue, 26 Oct 2004 01:09:28 GMT
From: Martin Jackson <mhjacks@swbell.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/73142: security: new upstream postgresql
Message-ID: <200410260109.i9Q19S3g033300@www.freebsd.org>
Resent-Message-ID: <200410260110.i9Q1AY86012978@freefall.freebsd.org>

>Number:         73142
>Category:       ports
>Synopsis:       security: new upstream postgresql
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 26 01:10:33 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Martin Jackson
>Release:        5.3-BETA7
>Organization:
>Environment:
Not relevant
>Description:
http://www.postgresql.org/news/234.html

In order to address a recent security report from iDefence, we have
released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6

Although rated only a Medium risk, according to their web site:

"A vulnerability exists due to the insecure creation of temporary files,
which could possibly let a malicious user overwrite arbitrary files."

Also in these releases is a potential 'data loss' bug that was recently
identified:

* Repair possible failure to update hint bits on disk
  Under rare circumstances this oversight could lead to "could not access
  transaction status" failures, which qualifies it as a
  potential-data-loss bug.
>How-To-Repeat:
See security advisory
>Fix:
Upgrade to new version(s)
>Release-Note:
>Audit-Trail:
>Unformatted: