Ubuntu
postgresql-9.3 package

  1. Bug #1690730
  2. Comment #18

Comment 18 for bug 1690730

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-9.3 - 9.3.17-0ubuntu0.14.04

---------------
postgresql-9.3 (9.3.17-0ubuntu0.14.04) trusty; urgency=medium

  * New upstream release (LP: #1690730)
    - Restrict visibility of pg_user_mappings.umoptions, to protect passwords
      stored as user mapping options (CVE-2017-7486)
    - Prevent exposure of statistical information via leaky operators
      (CVE-2017-7484)
    - Restore libpq's recognition of the PGREQUIRESSL environment variable
      (CVE-2017-7485)

    - A dump/restore is not required for those running 9.3.X.
    - However, if you use foreign data servers that make use of user passwords
      for authentication, see the first changelog entry.

    - Details about other changes at full changelog:
      https://www.postgresql.org/docs/9.3/static/release-9-3-17.html

 -- Christian Ehrhardt <email address hidden> Mon, 15 May 2017 08:45:01 +0200