FreeBSD ports tree https://cgit-dev.freebsd.org/ports/atom?h=2016Q3 2016-04-01T14:00:51Z 2016-04-01T14:00:51Z Mathieu Arnold mat@FreeBSD.org 2016-04-01T14:00:51Z urn:sha1:4e1b79a0a61f4973df8b4b0864d22086c769e219 With hat: portmgr Sponsored by: Absolight 2015-10-08T21:25:01Z Palle Girgensohn girgen@FreeBSD.org 2015-10-08T21:25:01Z urn:sha1:0642ae4b77cc7e0c9aa0ffaa0045771924380dc5 Two security issues have been fixed in this release which affect users of specific PostgreSQL features: CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The crypt( function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. This update will also disable SSL renegotiation by default; previously, it was enabled by default. SSL renegotiation will be removed entirely in PostgreSQL versions 9.5 and later. URL: http://www.postgresql.org/about/news/1615/ Security: CVE-2015-5288 CVE-2015-5289 2015-10-08T15:11:28Z Jimmy Olgeni olgeni@FreeBSD.org 2015-10-08T15:11:28Z urn:sha1:42bc424f618b6148fae4b6088ace14057513f0bc 2015-01-23T22:50:49Z Antoine Brodin antoine@FreeBSD.org 2015-01-23T22:50:49Z urn:sha1:728929b7099aad3e10a4d7252746a57caee11378 as a directory name can't be attributed to a package 2014-08-25T17:53:26Z Chris Rees crees@FreeBSD.org 2014-08-25T17:53:26Z urn:sha1:dab15277f4ab5eef396460d80afc54d1f390a815 Reviewed by: bapt 2014-06-25T05:35:31Z Baptiste Daroussin bapt@FreeBSD.org 2014-06-25T05:35:31Z urn:sha1:a33191366c083aad8ab7cd37d06db2d4790f3e39 Please note that lots of invocation of MAKE_CMD here are wrong as they do not properly respect MAKE_ENV and friends With hat: portmgr 2014-02-26T17:24:35Z Antoine Brodin antoine@FreeBSD.org 2014-02-26T17:24:35Z urn:sha1:4d4db2684b5537944ba9de1e90179e90a1bc1149 Reviewed by: postgresql@ Tested by: miwi and me 2014-02-20T18:11:37Z Palle Girgensohn girgen@FreeBSD.org 2014-02-20T18:11:37Z urn:sha1:86dd060cb01f33d6386c41d6897e2c832584796a update to all supported versions of the PostgreSQL database system, which includes minor versions 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20. This update contains fixes for multiple security issues, as well as several fixes for replication and data integrity issues. All users are urged to update their installations at the earliest opportunity, especially those using binary replication or running a high-security application. This update fixes CVE-2014-0060, in which PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for ROLE management. Before this fix, any member of a ROLE was able to grant others access to the same ROLE regardless if the member was given the WITH ADMIN OPTION permission. It also fixes multiple privilege escalation issues, including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, and CVE-2014-0066. More information on these issues can be found on our security page and the security issue detail wiki page. Security: CVE-2014-0060,CVE-2014-0061,CVE-2014-0062,CVE-2014-0063 CVE-2014-0064,CVE-2014-0065,CVE-2014-0066,CVE-2014-0067 2014-02-19T14:45:19Z Mathieu Arnold mat@FreeBSD.org 2014-02-19T14:45:19Z urn:sha1:c924394e7bf4e87ffb44d02054f7c0a9723dc9ab Submitted by: hrs (based on) Sponsored by: Absolight 2014-02-18T14:50:34Z Mathieu Arnold mat@FreeBSD.org 2014-02-18T14:50:34Z urn:sha1:7f67d157d9380c9f4aeb51e0bfedd357a30dbbbd Sponsored by: Absolight