[oe-commits] Kang Kai : postgresql: add fix for CVE-2014-0060 Security Advisory
git at git.openembedded.org
git at git.openembedded.org
Fri Nov 7 14:16:26 UTC 2014
Module: meta-openembedded.git
Branch: master
Commit: b89271147deaa0a409a5626d98681bb6f16528e2
URL: http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=b89271147deaa0a409a5626d98681bb6f16528e2
Author: Kang Kai <kai.kang at windriver.com>
Date: Wed Oct 29 08:30:53 2014 +0800
postgresql: add fix for CVE-2014-0060 Security Advisory
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12,
9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the
ADMIN OPTION restriction, which allows remote authenticated members of a
role to add or remove arbitrary users to that role by calling the SET
ROLE command before the associated GRANT command.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060
Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
---
.../0003-Shore-up-ADMIN-OPTION-restrictions.patch | 273 +++++++++++++++++++++
meta-oe/recipes-support/postgresql/postgresql.inc | 1 +
2 files changed, 274 insertions(+)
Diff: http://git.openembedded.org/?p=meta-openembedded.git/?a=commitdiff;h=b89271147deaa0a409a5626d98681bb6f16528e2
More information about the Openembedded-commits
mailing list