[Buildroot] [PATCH 1/1] package/postgresql: security bump to version 12.4

Peter Korsgaard peter at korsgaard.com
Sat Aug 29 14:01:43 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > - Fix CVE-2020-14349: It was found that PostgreSQL versions before 12.4,
 >   before 11.9 and before 10.14 did not properly sanitize the search_path
 >   during logical replication. An authenticated attacker could use this
 >   flaw in an attack similar to CVE-2018-1058, in order to execute
 >   arbitrary SQL commands in the context of the user used for replication.
 > - Fix CVE-2020-14350: It was found that some PostgreSQL extensions did
 >   not use search_path safely in their installation script. An attacker
 >   with sufficient privileges could use this flaw to trick an
 >   administrator into executing a specially crafted script, during the
 >   installation or update of such an extension. This affects PostgreSQL
 >   versions before 12.4, before 11.9, before 10.14, before 9.6.19, and
 >   before 9.5.23.

 > https://www.postgresql.org/docs/12/release-12-4.html

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

