[Buildroot] [PATCH] postgresql: security bump to version 9.4.5

Vicente Olivert Riera Vincent.Riera at imgtec.com
Fri Oct 9 12:18:56 UTC 2015


Dear Gustavo Zacarias,

On 10/08/2015 07:59 PM, Gustavo Zacarias wrote:
> Fixes:
> 
> CVE-2015-5289: json or jsonb input values constructed from arbitrary
> user input can crash the PostgreSQL server and cause a denial of
> service.
> 
> CVE-2015-5288: The crypt() function included with the optional pgCrypto
> extension could be exploited to read a few additional bytes of memory.
> No working exploit for this issue has been developed.
> 
> sparc build fix patch upstream so drop it.
> 
> Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>


$ grep ^POSTGRESQL_VERSION package/postgresql/postgresql.mk
POSTGRESQL_VERSION = 9.4.5

$ file output/target/usr/bin/postgres
output/target/usr/bin/postgres: ELF 32-bit MSB executable, MIPS, MIPS32
rel2 version 1 (SYSV), dynamically linked (uses shared libs), for
GNU/Linux 2.6.32, with unknown capability 0x41000000 = 0xf676e75, with
unknown capability 0x10000 = 0x70401, stripped

Regards,

Vincent.



More information about the buildroot mailing list