From 8efd38a2acd90422d224e1fa1d4f626f7860bf65 Mon Sep 17 00:00:00 2001
From: Jason Helfman <jgh@FreeBSD.org>
Date: Wed, 30 May 2012 22:26:15 +0000
Subject: - Address postgresql*-servers for crypt vulnerability (CVE-2012-2143)

http://www.postgresql.org/about/news/1397/

With hat: pgsql
---
 UPDATING | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'UPDATING')

diff --git a/UPDATING b/UPDATING
index c2de183bccc6..1941a77fc761 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,17 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20120530:
+  AFFECTS: users of databases/postgresql*-server
+  AUTHOR:  jgh@FreeBSD.org
+
+  Affected users are those who use the crypt(text, text) function with
+  DES encryption in the optional pg_crypto module. Passwords affected
+  are those that contain characters that cannot be represented with
+  7-bit ASCII. If a password contains a character that has the most
+  significant bit set (0x80), and DES encryption is used, that character
+  and all characters after it will be ignored.
+
 20120530:
   AFFECTS: users of net/nss-pam-ldap
   AUTHOR: scheidell@FreeBSD.org
-- 
cgit v1.2.3