Opened 7 years ago

Closed 7 years ago

#9604 closed enhancement (fixed)

postgresql 9.6.4

Reported by: Pierre Labastie
Owned by: bdubbs@…
Priority: normal
Milestone: 8.1
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

Change History (3)

comment:1 by bdubbs@…, 7 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: new → assigned

comment:2 by bdubbs@…, 7 years ago

From release notes:

https://www.postgresql.org/message-id/E1dfo0s-0001Ld-L6@atalia.postgresql.org

  • Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. See the release notes for instructions for applying the fix to existing database clusters. (CVE-2017-7547; extends fix for CVE-2017-7484)
  • Disallow empty passwords in all password-based authentication methods. (CVE-2017-7546)
  • Make lo_put() check for UPDATE privilege on the target large object. (CVE-2017-7548)
  • debian/rules: Unconditionally use DEB_BUILD_MAINT_OPTIONS=hardening=+all. The old logic is kept around for compiling on older distributions.
  • Remove long obsolete --with-krb5 and move c/ldflags to configure switches.

comment:3 by bdubbs@…, 7 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 19010.
