[oe-commits] Kang Kai : postgresql: add fix for CVE-2014-0060 Security Advisory

git at git.openembedded.org git at git.openembedded.org
Wed Dec 3 14:15:42 UTC 2014


Module: meta-openembedded.git
Branch: dizzy
Commit: 08398ec33330425ad8a1706d92e0eb5055afbb81
URL:    http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=08398ec33330425ad8a1706d92e0eb5055afbb81

Author: Kang Kai <kai.kang at windriver.com>
Date:   Wed Oct 29 08:30:53 2014 +0800

postgresql: add fix for CVE-2014-0060 Security Advisory

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12,
9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the
ADMIN OPTION restriction, which allows remote authenticated members of a
role to add or remove arbitrary users to that role by calling the SET
ROLE command before the associated GRANT command.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060

Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>

---

 .../0003-Shore-up-ADMIN-OPTION-restrictions.patch  | 273 +++++++++++++++++++++
 meta-oe/recipes-support/postgresql/postgresql.inc  |   1 +
 2 files changed, 274 insertions(+)

Diff:   http://git.openembedded.org/?p=meta-openembedded.git/?a=commitdiff;h=08398ec33330425ad8a1706d92e0eb5055afbb81

