NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/postgresql: security bump to version 12.4

Browse Source 
- Fix CVE-2020-14349: It was found that PostgreSQL versions before 12.4,
  before 11.9 and before 10.14 did not properly sanitize the search_path
  during logical replication. An authenticated attacker could use this
  flaw in an attack similar to CVE-2018-1058, in order to execute
  arbitrary SQL command in the context of the user used for replication.
- Fix CVE-2020-14350: It was found that some PostgreSQL extensions did
  not use search_path safely in their installation script. An attacker
  with sufficient privileges could use this flaw to trick an
  administrator into executing a specially crafted script, during the
  installation or update of such extension. This affects PostgreSQL
  versions before 12.4, before 11.9, before 10.14, before 9.6.19, and
  before 9.5.23.

https://www.postgresql.org/docs/12/release-12-4.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine 2020-08-29 13:24:08 +02:00 committed by Peter Korsgaard
parent f5919b6059
commit 35ebee6510
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
package/postgresql/postgresql.hash
View File

@ -1,7 +1,7 @@
# From https://ftp.postgresql.org/pub/source/v12.3/postgresql-12.3.tar.bz2.md5
md5 a30c023dd7088e44d73be71af2ef404a postgresql-12.3.tar.bz2
# From https://ftp.postgresql.org/pub/source/v12.3/postgresql-12.3.tar.bz2.sha256
sha256 94ed64a6179048190695c86ec707cc25d016056ce10fc9d229267d9a8f1dcf41 postgresql-12.3.tar.bz2
# From https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2.md5
md5 80ebbf0e55193b123760e5f8e48c6cff postgresql-12.4.tar.bz2
# From https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2.sha256
sha256 bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc postgresql-12.4.tar.bz2
# License file, Locally calculated
sha256 739e5d454d81d31a482469338b7c856f1f5c6b4cdda1551cea6f0f6d18eef62c COPYRIGHT

2
package/postgresql/postgresql.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
POSTGRESQL_VERSION = 12.3
POSTGRESQL_VERSION = 12.4
POSTGRESQL_SOURCE = postgresql-$(POSTGRESQL_VERSION).tar.bz2
POSTGRESQL_SITE = https://ftp.postgresql.org/pub/source/v$(POSTGRESQL_VERSION)
POSTGRESQL_LICENSE = PostgreSQL