(Below from: https://www.postgresql.org/about/news/1688/)
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and 9.1.23. This release fixes two security issues. It also patches a number of other bugs reported over the last three months. Users who rely on security isolation between database users should update as soon as possible. Other users should plan to update at the next convenient downtime.
Two security holes have been closed by this release:
CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.
The fix for the second issue also adds an option, -reuse-previous, to psql's \connect command. pg_dumpall will also refuse to handle database and role names containing line breaks after the update.
=dev-db/postgresql-9.1.23 ~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86
=dev-db/postgresql-9.2.18 ~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86
=dev-db/postgresql-9.3.14 ~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86
=dev-db/postgresql-9.4.9 ~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86
=dev-db/postgresql-9.5.4 ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86
Alpha Arch is excluded from 9.5.4 due to previous discussion revolving around upstream's official support being dropped and seriously degraded performance on that architecture.
Stable for HPPA PPC64.
Stable on alpha.
x86 stabilization was done in bug 602130
Dear Maintainer (or who is mainly involved in this stable request),
This is an auto-generated message that will move the current component to the new component Stabilization.
To ensure that the stabilization will proceed correctly, please fill the fields "Atoms to stabilize" and "Runtime testing required" as described here:
We have two bugs handling the same vulnerabilities. Please continue in bug 602130.
*** This bug has been marked as a duplicate of bug 602130 ***