From f1978efac9fa2aec041e92b9d6f8f61bf48dace6 Mon Sep 17 00:00:00 2001 From: Kang Kai Date: Wed, 29 Oct 2014 08:30:56 +0800 Subject: postgresql: add fix for CVE-2014-0063 Security Advisory Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 Signed-off-by: Yue Tao Signed-off-by: Kai Kang Signed-off-by: Martin Jansa --- meta-oe/recipes-support/postgresql/postgresql.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'meta-oe/recipes-support/postgresql/postgresql.inc') diff --git a/meta-oe/recipes-support/postgresql/postgresql.inc b/meta-oe/recipes-support/postgresql/postgresql.inc index 9cfb2b6d87..4a62eb68d4 100644 --- a/meta-oe/recipes-support/postgresql/postgresql.inc +++ b/meta-oe/recipes-support/postgresql/postgresql.inc @@ -35,6 +35,7 @@ SRC_URI = "http://ftp.postgresql.org/pub/source/v${PV}/${BP}.tar.bz2 \ file://0003-Shore-up-ADMIN-OPTION-restrictions.patch \ file://0004-Prevent-privilege-escalation-in-explicit-calls-to-PL.patch \ file://0005-Avoid-repeated-name-lookups-during-table-and-index-D.patch \ + file://0006-Fix-handling-of-wide-datetime-input-output.patch \ " LEAD_SONAME = "libpq.so" -- cgit v1.2.3-54-g00ecf