9.4.1, 9.3.6, 9.2.10, 9.1.15 & 9.0.19 are freshly released and ebuilds in-tree already. Fixing security issues: CVE-2015-0241 Buffer overruns in "to_char" functions. CVE-2015-0242 Buffer overrun in replacement printf family of functions. CVE-2015-0243 Memory errors in functions in the pgcrypto extension. CVE-2015-0244 An error in extended protocol message reading. CVE-2014-8161 Constraint violation errors can cause display of values in columns which the user would not normally have rights to see.
Arches, please test and mark stable: =dev-db/postgresql-9.0.19 =dev-db/postgresql-9.1.15 =dev-db/postgresql-9.2.10 =dev-db/postgresql-9.3.6 =dev-db/postgresql-9.4.1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 stable
x86 stable
Stable for HPPA.
sparc stable
arm stable
ppc64 stable
ppc stable
ia64 stable
alpha stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
24 Feb 2015; Agostino Sarubbo <ago@gentoo.org> -postgresql-9.0.18-r2.ebuild, -postgresql-9.0.18-r3.ebuild, -postgresql-9.1.14-r2.ebuild, -postgresql-9.1.14-r3.ebuild, -postgresql-9.2.9-r2.ebuild, -postgresql-9.2.9-r3.ebuild, -postgresql-9.3.5-r2.ebuild, -postgresql-9.3.5-r3.ebuild, -postgresql-9.4.0-r1.ebuild, -postgresql-9.4.0.ebuild: Remove old Cleanup completed
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.
This issue was resolved and addressed in GLSA 201507-20 at https://security.gentoo.org/glsa/201507-20 by GLSA coordinator Mikle Kolyada (Zlogene).