projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f5919b6) | patch
package/postgresql: security bump to version 12.4
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 29 Aug 2020 11:24:08 +0000 (13:24 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Sat, 29 Aug 2020 14:00:35 +0000 (16:00 +0200)
commit35ebee6510a19f87aa007b9302bff8d29e1add21
treed3f7f49c71a7bd2a228fa40a017e4fcc90b747a8tree
parentf5919b6059c25e685a2ffc749f25c95e8edb96bfcommit | diff
package/postgresql: security bump to version 12.4

- Fix CVE-2020-14349: It was found that PostgreSQL versions before 12.4,
  before 11.9 and before 10.14 did not properly sanitize the search_path
  during logical replication. An authenticated attacker could use this
  flaw in an attack similar to CVE-2018-1058, in order to execute
  arbitrary SQL command in the context of the user used for replication.
- Fix CVE-2020-14350: It was found that some PostgreSQL extensions did
  not use search_path safely in their installation script. An attacker
  with sufficient privileges could use this flaw to trick an
  administrator into executing a specially crafted script, during the
  installation or update of such extension. This affects PostgreSQL
  versions before 12.4, before 11.9, before 10.14, before 9.6.19, and
  before 9.5.23.

https://www.postgresql.org/docs/12/release-12-4.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/postgresql/postgresql.hash diff | blob | history
package/postgresql/postgresql.mk diff | blob | history