[oe-commits] Kang Kai : postgresql: add fix for CVE-2014-0061 Security Advisory
git at git.openembedded.org
git at git.openembedded.org
Thu Oct 30 08:06:22 UTC 2014
Module: meta-openembedded.git
Branch: master-next
Commit: 212f5e0f50eaad31fa75d22a2f439f86226cb4c9
URL: http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=212f5e0f50eaad31fa75d22a2f439f86226cb4c9
Author: Kang Kai <kai.kang at windriver.com>
Date: Wed Oct 29 08:30:54 2014 +0800
postgresql: add fix for CVE-2014-0061 Security Advisory
The validator functions for the procedural languages (PLs) in PostgreSQL
before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before
9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain
privileges via a function that is (1) defined in another language or (2)
not allowed to be directly called by the user due to permissions.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061
Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
---
...vilege-escalation-in-explicit-calls-to-PL.patch | 267 +++++++++++++++++++++
meta-oe/recipes-support/postgresql/postgresql.inc | 1 +
2 files changed, 268 insertions(+)
Diff: http://git.openembedded.org/?p=meta-openembedded.git/?a=commitdiff;h=212f5e0f50eaad31fa75d22a2f439f86226cb4c9
More information about the Openembedded-commits
mailing list