Overview Repositories Revisions Requests Users Attributes Meta
postgresql: security and bugfix upgrade to 9.0.10

This version upgrade of PostgreSQL fixes following issues:

- Bugfix release 9.0.10:
* Fix planner's assignment of executor parameters, and fix
executor's rescan logic for CTE plan nodes.
* Improve page-splitting decisions in GiST indexes.
* Fix cascading privilege revoke to stop if privileges are still
held.
* Improve error messages for Hot Standby misconfiguration errors.
* Fix handling of SIGFPE when PL/Perl is in use.
* Prevent PL/Perl from crashing if a recursive PL/Perl function
is redefined while being executed.
* Work around possible misoptimization in PL/Perl.
- See also: http://www.postgresql.org/docs/9.0/static/release.html

- Security and bugfix release 9.0.9:
* Prevent access to external files/URLs via contrib/xml2
(CVE-2012-3488, bnc#776523).
* Prevent access to external files/URLs via XML entity references
(CVE-2012-3489, bnc#776524).
* Fix incorrect password transformation in contrib/pgcrypto
(CVE-2012-2143, bnc#766799).
* Ignore SECURITY DEFINER and SET attributes for a procedural
language's call handler (CVE-2012-2655, bnc#765069).
- See also: http://www.postgresql.org/docs/9.0/static/release.html
- Rename postgresql-mkspecfiles to pre_checkin.sh

Fixed bugs
bnc#765069
CVE-2012-2655: postgresql: denial of service (stack exhaustion) via specially-crafted SQL
bnc#776523
CVE-2012-3488: postgresql: arbitrary read + write of files via XSL functionality
bnc#766799
CVE-2012-2143: postgresql: BSD crypt 8bit character mishandling
bnc#776524
CVE-2012-3489: postgresql: determination of the existence of files
CVE-CVE-2012-3489
CVE-CVE-2012-3488
CVE-CVE-2012-2655
CVE-CVE-2012-2143
Selected Binaries
openSUSE Build Service is sponsored by
Places