Quick Links

pgsql: Cherry-pick security-relevant fixes from upstream imath library.

From:	Noah Misch <noah(at)leadboat(dot)com>
To:	pgsql-committers(at)postgresql(dot)org
Subject:	pgsql: Cherry-pick security-relevant fixes from upstream imath library.
Date:	2015-02-02 15:01:50
Message-ID:	[email protected]
Views:	Whole Thread \| Raw Message \| Download mbox \| Resend email
Thread:
Lists:	pgsql-committers

Cherry-pick security-relevant fixes from upstream imath library.

This covers alterations to buffer sizing and zeroing made between imath
1.3 and imath 1.20. Valgrind Memcheck identified the buffer overruns
and reliance on uninitialized data; their exploit potential is unknown.
Builds specifying --with-openssl are unaffected, because they use the
OpenSSL BIGNUM facility instead of imath. Back-patch to 9.0 (all
supported versions).

Security: CVE-2015-0243

Branch
------
REL9_3_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/a558ad3a7e014d42bc7e22df53c4a019e639df14

Modified Files
--------------
contrib/pgcrypto/imath.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)

Browse pgsql-committers by date

	From	Date	Subject
Next Message	Heikki Linnakangas	2015-02-02 15:18:15	pgsql: Be more careful to not lose sync in the FE/BE protocol.
Previous Message	Tom Lane	2015-02-02 05:19:43	pgsql: Doc: fix syntax description for psql's \setenv.