Univention Bugzilla – Bug 50508
postgresql-common: Multiple issues (4.3)
Last modified: 2019-11-20 14:07:15 CET
New Debian postgresql-common 181+deb9u3A~4.3.5.201911180802 fixes: This update addresses the following issue: * postgresql-common (CVE-2019-3466)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/postgresql-common_181+deb9u2A~4.3.1.201808081329.dsc +++ apt/ucs_4.3-0-errata4.3-5/source/postgresql-common_181+deb9u3A~4.3.0.201911181241.dsc @@ -1,8 +1,16 @@ -181+deb9u2A~4.3.1.201808081329 [Wed, 08 Aug 2018 13:47:48 +0200] Univention builddaemon <buildd@univention.de>: +181+deb9u3A~4.3.0.201911181241 [Mon, 18 Nov 2019 12:41:22 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 01-autostart-setting 02-emit-supported-postgresql-versions + +181+deb9u3 [Tue, 12 Nov 2019 15:00:36 +0100] Christoph Berg <myon@debian.org>: + + * pg_ctlcluster: Drop privileges before creating socket and stats temp + directories outside /var/run/postgresql. The default configuration is not + affected by this change. Users with directories on volatile storage + (tmpfs) in other locations have to make sure the parent directory is + writable for the cluster owner. (CVE-2019-3466, discovered by Rich Mirch) 181+deb9u2 [Fri, 08 Jun 2018 11:16:28 +0200] Christoph Berg <christoph.berg@credativ.de>: <http://10.200.17.11/4.3-5/#3970831263106733226>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-5] ea2f08c49e Bug #50508: postgresql-common 181+deb9u3A~4.3.0.201911181241 doc/errata/staging/postgresql-common.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.3/617.html>