Overview

File _patchinfo of Package patchinfo.openSUSE_11.4.378

<patchinfo>
<releasetarget project="openSUSE:11.4:Update"/>
  <issue id="749299" tracker="bnc">postgresql: Absent permission checks on trigger function to be called when creating a trigger</issue>
  <issue id="749303" tracker="bnc">postgresql: SQL injection due unsanitized newline characters in object names</issue>
  <issue id="749301" tracker="bnc">postgresql: MITM due improper x509_v3 CN validation during certificate verification</issue>
  <issue id="701489" tracker="bnc">postgresql-contrib: crypt_blowfish: 8-bit character mishandling</issue>
  <issue id="CVE-2012-0866" tracker="cve" />
  <issue id="CVE-2012-0867" tracker="cve" />
  <issue id="CVE-2012-0868" tracker="cve" />
  <issue id="CVE-2011-2483" tracker="cve" />
  <category>security</category>
  <rating>low</rating>
  <packager>lnussel</packager>
  <description>- Security and bugfix release 9.0.7:
  * Require execute permission on the trigger function for "CREATE
    TRIGGER" (CVE-2012-0866, bnc#749299).
  * Remove arbitrary limitation on length of common name in SSL
    certificates (CVE-2012-0867, bnc#749301).
  * Convert newlines to spaces in names written in pg_dump
    comments (CVE-2012-0868, bnc#749303).

See the release notes for the rest of the changes:
http://www.postgresql.org/docs/9.0/static/release.html
/usr/share/doc/packages/postgresql/HISTORY
  </description>
  <summary>update for postgresql</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places