File _patchinfo of Package patchinfo.1326
<patchinfo incident="1326">
<category>security</category>
<rating>moderate</rating>
<packager>msmeissn</packager>
<summary>Security update for postgresql93</summary>
<description>
The PostgreSQL database postgresql93 was updated to the bugfix release 9.3.10.
Security issues fixed:
- CVE-2015-5289, bsc#949670: json or jsonb input values
constructed from arbitrary user input can crash the PostgreSQL
server and cause a denial of service.
- CVE-2015-5288, bsc#949669: The crypt() function included with
the optional pgCrypto extension could be exploited to read a
few additional bytes of memory. No working exploit for this
issue has been developed.
For the full release notes, see:
http://www.postgresql.org/docs/current/static/release-9-3-10.html
Other bugs fixed:
* Move systemd related stuff and user creation to postgresql-init.
* Remove some obsolete %suse_version conditionals.
* Relax dependency on libpq to major version.
* Fix possible failure to recover from an inconsistent database state. See full release notes for details.
* Fix rare failure to invalidate relation cache init file.
* Avoid deadlock between incoming sessions and CREATE/DROP DATABASE.
* Improve planner's cost estimates for semi-joins and anti-joins with inner indexscans.
* For the full release notes for 9.3.9 see: http://www.postgresql.org/docs/9.3/static/release-9-3-9.html
</description>
<issue tracker="cve" id="CVE-2015-5288"/>
<issue tracker="cve" id="CVE-2015-5289"/>
<issue tracker="bnc" id="949669">VUL-0: CVE-2015-5288: postgresql: Memory leak in crypt() function</issue>
<issue tracker="bnc" id="949670">VUL-0: CVE-2015-5289: postgresql: Unchecked JSON input can crash the server</issue>
</patchinfo>