[oe-commits] Kang Kai : postgresql: add fix for CVE-2014-0060 Security Advisory
git at git.openembedded.org
git at git.openembedded.org
Thu Oct 30 08:06:22 UTC 2014
Module: meta-openembedded.git
Branch: master-next
Commit: f21644dc8f2ba4deb499f7312da1ebbc6e479a66
URL: http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=f21644dc8f2ba4deb499f7312da1ebbc6e479a66
Author: Kang Kai <kai.kang at windriver.com>
Date: Wed Oct 29 08:30:53 2014 +0800
postgresql: add fix for CVE-2014-0060 Security Advisory
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12,
9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the
ADMIN OPTION restriction, which allows remote authenticated members of a
role to add or remove arbitrary users to that role by calling the SET
ROLE command before the associated GRANT command.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060
Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
---
.../0003-Shore-up-ADMIN-OPTION-restrictions.patch | 273 +++++++++++++++++++++
meta-oe/recipes-support/postgresql/postgresql.inc | 1 +
2 files changed, 274 insertions(+)
Diff: http://git.openembedded.org/?p=meta-openembedded.git/?a=commitdiff;h=f21644dc8f2ba4deb499f7312da1ebbc6e479a66
More information about the Openembedded-commits
mailing list