update for postgresql

- Security and bugfix release 9.1.3:
* Require execute permission on the trigger function for "CREATE
TRIGGER" (CVE-2012-0866, bnc#749299).
* Remove arbitrary limitation on length of common name in SSL
certificates (CVE-2012-0867, bnc#749301).
* Convert newlines to spaces in names written in pg_dump
comments (CVE-2012-0868, bnc#749303).

See the release notes for the rest of the changes:
http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
/usr/share/doc/packages/postgresql/HISTORY

Fixed bugs
bnc#749299
postgresql: Absent permission checks on trigger function to be called when creating a trigger
bnc#749303
postgresql: SQL injection due unsanitized newline characters in object names
bnc#749301
postgresql: MITM due improper x509_v3 CN validation during certificate verification
bnc#701489
postgresql-contrib: crypt_blowfish: 8-bit character mishandling
CVE-CVE-2012-0866
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2012-0867
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2012-0868
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-CVE-2011-2483
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by
Selected Binaries
openSUSE Build Service is sponsored by