mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-01 13:49:03 +03:00
a8b1eac71b
- Fix CVE-2020-14349: It was found that PostgreSQL versions before 12.4,
before 11.9 and before 10.14 did not properly sanitize the search_path
during logical replication. An authenticated attacker could use this
flaw in an attack similar to CVE-2018-1058, in order to execute
arbitrary SQL command in the context of the user used for replication.
- Fix CVE-2020-14350: It was found that some PostgreSQL extensions did
not use search_path safely in their installation script. An attacker
with sufficient privileges could use this flaw to trick an
administrator into executing a specially crafted script, during the
installation or update of such extension. This affects PostgreSQL
versions before 12.4, before 11.9, before 10.14, before 9.6.19, and
before 9.5.23.
https://www.postgresql.org/docs/12/release-12-4.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 35ebee6510)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 lines
442 B
Plaintext
8 lines
442 B
Plaintext
# From https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2.md5
|
|
md5 80ebbf0e55193b123760e5f8e48c6cff postgresql-12.4.tar.bz2
|
|
# From https://ftp.postgresql.org/pub/source/v12.4/postgresql-12.4.tar.bz2.sha256
|
|
sha256 bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc postgresql-12.4.tar.bz2
|
|
|
|
# License file, Locally calculated
|
|
sha256 739e5d454d81d31a482469338b7c856f1f5c6b4cdda1551cea6f0f6d18eef62c COPYRIGHT
|