| Summary: | <dev-db/postgresql-{11.11,12.6,13.2} Multiple vulnerabilities (CVE-2021-{3393,20229}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Aaron W. Swenson <titanofold> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | ajak, pgsql-bugs |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/ | | |
| Whiteboard: | B4 [glsa+ cve] | | |
| Package list: | | Runtime testing required: | No |
| Bug Depends on: | | | |
| Bug Blocks: | 766225 | | |

Description
Aaron W. Swenson
2021-02-21 14:15:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5fd6830195d614ec11bbf6465f170d0086ae4ea

commit b5fd6830195d614ec11bbf6465f170d0086ae4ea
Author: Aaron W. Swenson <titanofold@gentoo.org>
AuthorDate: 2021-02-21 14:15:27 +0000
Commit: Aaron W. Swenson <titanofold@gentoo.org>
CommitDate: 2021-02-21 14:15:27 +0000

dev-db/postgresql: Security Bump

Bump to 13.2, 12.6, 11.11, 10.16, 9.6.21, and 9.5.25.

Addresses vulnerabilities: CVE-2021-3393 and CVE-2021-20229.

Includes ICU68 fix, and extra workaround patch for 10.16 (thanks Marco Sirabella).

Bug: https://bugs.gentoo.org/771942
Bug: https://bugs.gentoo.org/766225
Signed-off-by: Aaron W. Swenson <titanofold@gentoo.org>

dev-db/postgresql/Manifest | 6 +
.../postgresql/files/postgresql-10.0-icu68-2.patch | 11 +
dev-db/postgresql/postgresql-10.16.ebuild | 461 ++++++++++++++++++++
dev-db/postgresql/postgresql-11.11.ebuild | 458 ++++++++++++++++++++
dev-db/postgresql/postgresql-12.6.ebuild | 458 ++++++++++++++++++++
dev-db/postgresql/postgresql-13.2.ebuild | 462 ++++++++++++++++++++
dev-db/postgresql/postgresql-9.5.25.ebuild | 476 ++++++++++++++++++++
dev-db/postgresql/postgresql-9.6.21.ebuild | 481 +++++++++++++++++++++
8 files changed, 2813 insertions(+)

Please stabilize the following targets:

=dev-db/postgresql-10.16 ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86
=dev-db/postgresql-11.11 ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86
=dev-db/postgresql-12.6 ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86
=dev-db/postgresql-13.2 ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86
=dev-db/postgresql-9.5.25 ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86
=dev-db/postgresql-9.6.21 ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86

sparc stable

*** Bug 772320 has been marked as a duplicate of this bug. ***

ppc done

ppc64 done

amd64 done

arm done

x86 done

arm64 done

all arches done

Please cleanup, thanks!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0cb57f5044dc87248afd6f5f40794d16bd5c649c

commit 0cb57f5044dc87248afd6f5f40794d16bd5c649c
Author: Aaron W. Swenson <titanofold@gentoo.org>
AuthorDate: 2021-02-25 14:24:59 +0000
Commit: Aaron W. Swenson <titanofold@gentoo.org>
CommitDate: 2021-02-25 14:24:59 +0000

dev-db/postgresql: Cleanup

Bug: https://bugs.gentoo.org/771942
Signed-off-by: Aaron W. Swenson <titanofold@gentoo.org>

dev-db/postgresql/Manifest | 6 -
dev-db/postgresql/postgresql-10.15.ebuild | 459 ---------------------------
dev-db/postgresql/postgresql-11.10.ebuild | 461 ---------------------------
dev-db/postgresql/postgresql-12.5.ebuild | 461 ---------------------------
dev-db/postgresql/postgresql-13.1.ebuild | 465 ----------------------------
dev-db/postgresql/postgresql-9.5.24.ebuild | 476 ----------------------------
dev-db/postgresql/postgresql-9.6.20.ebuild | 481 -----------------------------
7 files changed, 2809 deletions(-)

Thank you! New GLSA request filed.

This issue was resolved and addressed in GLSA 202105-32 at https://security.gentoo.org/glsa/202105-32 by GLSA coordinator Thomas Deutschmann (whissi).