File _patchinfo of Package patchinfo.4534

<patchinfo incident="4534">
  <issue id="1029547" tracker="bnc">postgresql: fails to build with timezone 2017a</issue>
  <issue id="1037603" tracker="bnc">VUL-0: CVE-2017-7484: postgresql: Selectivity estimators bypass SELECT privilege checks</issue>
  <issue id="1038293" tracker="bnc">VUL-0: CVE-2017-7485: postgresql93,postgresql94: recognize PGREQUIRESSL variable again</issue>
  <issue id="1037624" tracker="bnc">VUL-0: CVE-2017-7486: postgresql: pg_user_mappings view discloses foreign server passwords</issue>
  <issue id="2017-7484" tracker="cve"/>
  <issue id="2017-7485" tracker="cve"/>
  <issue id="2017-7486" tracker="cve"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>rmax</packager>
  <description>
This update for postgresql93 fixes the following issues:

The PostgreSQL package was updated to 9.3.17, bringing various bug and security fixes.

Bug fixes:

- bsc#1029547: Fix tests with timezone 2017a 
- CVE-2017-7486: Restrict visibility of
    pg_user_mappings.umoptions, to protect passwords stored as
    user mapping options. (bsc#1037624) 
- CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293)
- CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603)

More details can be found in the PostgreSQL release announcements:

- https://www.postgresql.org/docs/9.3/static/release-9-3-17.html
- https://www.postgresql.org/docs/9.3/static/release-9-3-16.html
- https://www.postgresql.org/docs/9.3/static/release-9-3-15.html

</description>
  <summary>Security update for postgresql93</summary>
</patchinfo>