[oe-commits] Kang Kai : postgresql: add fix for CVE-2014-0061 Security Advisory
git at git.openembedded.org
git at git.openembedded.org
Wed Dec 3 14:15:42 UTC 2014
Module: meta-openembedded.git
Branch: dizzy
Commit: 9cc023acd7846171644502ac03a64cdd60b45c20
URL: http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=9cc023acd7846171644502ac03a64cdd60b45c20
Author: Kang Kai <kai.kang at windriver.com>
Date: Wed Oct 29 08:30:54 2014 +0800
postgresql: add fix for CVE-2014-0061 Security Advisory
The validator functions for the procedural languages (PLs) in PostgreSQL
before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before
9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain
privileges via a function that is (1) defined in another language or (2)
not allowed to be directly called by the user due to permissions.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061
Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
...vilege-escalation-in-explicit-calls-to-PL.patch | 267 +++++++++++++++++++++
meta-oe/recipes-support/postgresql/postgresql.inc | 1 +
2 files changed, 268 insertions(+)
Diff: http://git.openembedded.org/?p=meta-openembedded.git/?a=commitdiff;h=9cc023acd7846171644502ac03a64cdd60b45c20
More information about the Openembedded-commits
mailing list