pgsql: Fix Windows shell argument quoting.

From: Noah Misch <noah(at)leadboat(dot)com>
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Fix Windows shell argument quoting.
Date: 2016-08-08 14:10:48
Message-ID: [email protected]
Lists: pgsql-committers

Fix Windows shell argument quoting.

The incorrect quoting may have permitted arbitrary command execution.
At a minimum, it gave broader control over the command line to actors
supposed to have control over a single argument. Back-patch to 9.1 (all
supported versions).

Security: CVE-2016-5424

Branch
------
REL9_2_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/4837155292f67f10576f3d7204ffd5379bbe3a7b

Modified Files
--------------
src/bin/pg_dump/pg_dumpall.c | 52 +++++++++++++++++++++++++++++++++++++++-----
1 file changed, 47 insertions(+), 5 deletions(-)
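
An added illustration, not code from this commit or from PostgreSQL: one way to quote a string so that it remains a single argument when the command line passes through cmd.exe and is then split by the Microsoft C runtime. The names `put` and `quote_win_arg` and the conservative buffer-size bound are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Append c, preceded by '^' unless it is alphanumeric, so that cmd.exe
 * treats it as a literal character. Returns the advanced write pointer. */
static char *put(char *w, char c)
{
    if (!isalnum((unsigned char) c))
        *w++ = '^';
    *w++ = c;
    return w;
}

/* Quote arg as exactly one argument of a command line that is passed to
 * cmd.exe and then split by the Microsoft C runtime. Returns the output
 * length, or -1 if arg cannot be quoted or the buffer may be too small. */
long quote_win_arg(const char *arg, char *out, size_t cap)
{
    size_t run = 0;            /* backslashes seen immediately before *p */
    char *w = out;
    const char *p;

    if (strpbrk(arg, "\r\n") != NULL)
        return -1;             /* cmd.exe cannot quote a line break */
    if (cap < 4 * strlen(arg) + 5)
        return -1;             /* worst case: every byte doubled, then careted */
    w = put(w, '"');
    for (p = arg; *p != '\0'; p++)
    {
        if (*p == '"')         /* N backslashes before a quote become 2N+1 */
            for (run++; run > 0; run--)
                w = put(w, '\\');
        else if (*p == '\\')
            run++;
        else
            run = 0;
        w = put(w, *p);
    }
    for (; run > 0; run--)     /* N trailing backslashes become 2N */
        w = put(w, '\\');
    w = put(w, '"');
    *w = '\0';
    return (long) (w - out);
}
```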
