24285 2010-10-13 10:25:26 +0400 CVE-2010-3433: unauthorized privilege escalation 2010-10-25 17:15:24 +0400 1 1 4 Development Sisyphus postgresql8.4 unstable all Linux CLOSED FIXED http://www.postgresql.org/support/security.html security P3 blocker --- 1 crux mithraen misha vvk qa-sisyphus oldest_to_newest 113640 0 crux 2010-10-13 10:25:26 +0400 CVE-2010-3433: An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges. Fixed in 8.4.5 P.S. Версии 8.3.x 8.2.x также уязвимы (+ ещё 3 CVE). Имеет ли смысл на них вешать или они больше никогда не будут обновляться? 114251 1 repository-robot 2010-10-25 17:15:24 +0400 postgresql8.4-8.4.5-alt2 -> sisyphus: * Tue Oct 19 2010 Vladimir V. Kamarzin <vvk@altlinux> 8.4.5-alt2 - Rebuild for Sisyphus (Closes: #24285). - Run chroot script only when upgrading package. - Avoid leaving unowned directories after package uninstall. * Thu Oct 07 2010 Konstantin Pavlov <thresh@altlinux> 8.4.5-alt1 - 8.4.5 release (fixes CVE-2010-3433).