In order to address a potential security hole recently identified with the "LOAD" option, the PostgreSQL Global Development Group is announcing the release of new versions of PostgreSQL going back to the 7.2.x version.
postgresql please bump.
More details from USN-71-1
John Heasman discovered a local privilege escalation in the PostgreSQL
server. Any user could use the LOAD extension to load any shared
library into the PostgreSQL server; the library's initialisation
function was then executed with the permissions of the server.
Now the use of LOAD is restricted to the database superuser (usually
Note: Since there is no way for normal database users to create
arbitrary files, this vulnerability is not exploitable remotely, e. g.
by uploading a shared library in the form of a Binary Large Object
(BLOB) to a public web server.
ok. i'll do that in next few hours.
i've added these ebuilds to portage tree.
arches, pls test and mark stable...
7.4.x appears to be the latest version that is marked all stable, so 7.4.7 should be the minimum to be stable.
Pls consider also to test the other updated versions. (7.3.9 and 8.0.1)
current KEYWORDS="x86 ~ppc sparc ~mips alpha ~arm hppa amd64 ~ia64 ~s390 ~ppc64"
target KEYWORDS="x86 ppc sparc mips alpha arm hppa amd64 ia64 s390 ppc64"
current KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~s390 ~ppc64"
current KEYWORDS="x86 ~ppc ~sparc ~alpha ~amd64 ~hppa ~ia64 ~mips"
stable on ppc64
7.3.9 to sparc stable.
postgresql-7.4.7 already stable on amd64. Tested and verified to work fine.
7.4.7 stable on alpha.
Stable on ppc. Sorry for the delay.