New upstream microreleases 9.3.5, 9.1.14, 8.4.22
Bug #1348176 reported by Martin Pitt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
postgresql-8.4 (Ubuntu) | Invalid | Undecided | Unassigned |
Lucid | Fix Released | Undecided | Unassigned |
Precise | Fix Released | Undecided | Unassigned |
postgresql-9.1 (Ubuntu) | Invalid | Undecided | Unassigned |
Precise | Fix Released | Undecided | Unassigned |
Trusty | Fix Released | Undecided | Unassigned |
postgresql-9.3 (Ubuntu) | Fix Released | Medium | Martin Pitt |
Trusty | Fix Released | Undecided | Unassigned |
Utopic | Fix Released | Medium | Martin Pitt |

Bug Description
New postgresql bug fix releases today: http://
As per the standing MRE these should go into stables.
no longer affects: | postgresql-8.4 (Ubuntu Precise) |
no longer affects: | postgresql-8.4 (Ubuntu Trusty) |
no longer affects: | postgresql-8.4 (Ubuntu Utopic) |
Changed in postgresql-8.4 (Ubuntu): | |
status: | New → Invalid |
no longer affects: | postgresql-9.1 (Ubuntu Lucid) |
no longer affects: | postgresql-9.1 (Ubuntu Trusty) |
no longer affects: | postgresql-9.1 (Ubuntu Utopic) |
Changed in postgresql-9.1 (Ubuntu): | |
status: | New → Invalid |
no longer affects: | postgresql-9.3 (Ubuntu Lucid) |
no longer affects: | postgresql-9.3 (Ubuntu Precise) |
Changed in postgresql-9.3 (Ubuntu Utopic): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Martin Pitt (pitti) |
description: | updated |
Changed in postgresql-9.3 (Ubuntu Utopic): | |
status: | In Progress → Fix Committed |
Changed in postgresql-9.3 (Ubuntu Trusty): | |
status: | New → In Progress |
Changed in postgresql-9.1 (Ubuntu Precise): | |
status: | New → In Progress |
This bug was fixed in the package postgresql-9.3 - 9.3.5-0ubuntu1
---------------
postgresql-9.3 (9.3.5-0ubuntu1) utopic; urgency=medium
[ Christoph Berg ]
* New upstream release. (LP: #1348176)
+ Secure Unix-domain sockets of temporary postmasters started during make
check (Noah Misch)
Any local user able to access the socket file could connect as the
server's bootstrap superuser, then proceed to execute arbitrary code as
the operating-system user running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by placing the
server's socket in a temporary, mode 0700 subdirectory of /tmp.
* Remove our pg_regress patches to support --host=/path.
* Remove the tcl8.6 patch, went upstream.
* Update Vcs URLs.
-- Martin Pitt <email address hidden> Thu, 24 Jul 2014 15:14:05 +0200
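
The mitigation named in the changelog above (the test server's socket in a temporary, mode 0700 subdirectory of /tmp), sketched as an added example that is not code from PostgreSQL or the Ubuntu package. The helper names, the `pgtest-` directory prefix and port 5432 are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp() under strict -std modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper: 1 if dir is owned by us and closed to group/other. */
int dir_is_private(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return st.st_uid == geteuid() && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Hypothetical helper: create /tmp/pgtest-XXXXXX (mkdtemp makes it mode 0700),
 * then listen on a socket inside it. Other local users cannot traverse the
 * directory, so they cannot reach the socket. Returns the fd, or -1. */
int listen_in_private_dir(char *dir, size_t dir_len, char *sock, size_t sock_len)
{
    struct sockaddr_un addr;
    int fd;

    snprintf(dir, dir_len, "/tmp/pgtest-XXXXXX");      /* constructed prefix */
    if (mkdtemp(dir) == NULL || !dir_is_private(dir))
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/.s.PGSQL.5432", dir);
    snprintf(sock, sock_len, "%s", addr.sun_path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) != 0 || listen(fd, 1) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[64], sock[108];
    int fd = listen_in_private_dir(dir, sizeof(dir), sock, sizeof(sock));
    if (fd < 0)
        return 1;
    printf("listening on %s (directory private: %d)\n", sock, dir_is_private(dir));
    close(fd); unlink(sock); rmdir(dir);               /* clean up after the run */
    return 0;
}
```

A client would reach such a server by passing the directory as the host, for example `psql -h /tmp/pgtest-XXXXXX` with the generated name substituted.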