[oe-commits] Kang Kai : postgresql: add fix for CVE-2014-0061 Security Advisory
git at git.openembedded.org
git at git.openembedded.org
Fri Nov 7 14:16:27 UTC 2014
Module: meta-openembedded.git
Branch: master
Commit: 30f8a0515a959ac4c45771b406fdcf01cc1aca1c
URL: http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=30f8a0515a959ac4c45771b406fdcf01cc1aca1c
Author: Kang Kai <kai.kang at windriver.com>
Date: Wed Oct 29 08:30:54 2014 +0800
postgresql: add fix for CVE-2014-0061 Security Advisory
The validator functions for the procedural languages (PLs) in PostgreSQL
before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before
9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain
privileges via a function that is (1) defined in another language or (2)
not allowed to be directly called by the user due to permissions.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061
Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
---
...vilege-escalation-in-explicit-calls-to-PL.patch | 267 +++++++++++++++++++++
meta-oe/recipes-support/postgresql/postgresql.inc | 1 +
2 files changed, 268 insertions(+)
Diff: http://git.openembedded.org/?p=meta-openembedded.git/?a=commitdiff;h=30f8a0515a959ac4c45771b406fdcf01cc1aca1c
More information about the Openembedded-commits
mailing list