review.tizen.org Git - scm/bb/tizen-distro.git/commit

author	Kang Kai <kai.kang@windriver.com>
	Wed, 29 Oct 2014 00:30:53 +0000 (08:30 +0800)
committer	Patrick Ohly <patrick.ohly@intel.com>
	Fri, 9 Jan 2015 17:19:15 +0000 (09:19 -0800)
commit	0ce0fa63a97a3e91b05d8d9f7352a0fe0a7055c4
tree	01793e7ef64af5d46f8449b880601a6e4d343453	tree \| snapshot
parent	080bf709f63396a8c5c5bc9649ffe77f6821ee5c	commit \| diff

postgresql: add fix for CVE-2014-0060 Security Advisory

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12,
9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the
ADMIN OPTION restriction, which allows remote authenticated members of a
role to add or remove arbitrary users to that role by calling the SET
ROLE command before the associated GRANT command.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060

(From meta-openembedded rev: 08398ec33330425ad8a1706d92e0eb5055afbb81)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-openembedded/meta-oe/recipes-support/postgresql/files/0003-Shore-up-ADMIN-OPTION-restrictions.patch	[new file with mode: 0644]	blob
meta-openembedded/meta-oe/recipes-support/postgresql/postgresql.inc		diff \| blob \| history