[Slackbuilds-users] Postgresql Version 10.3 is available.
Adis Nezirovic
adis at linux.org.ba
Thu Mar 1 14:34:50 UTC 2018
Hello,
Thanks for heads up, I'll look into releasing new version next week (I
always prefer to wait a little, even for minor releases, to avoid
nasty suprises).
As for public schema security problems, that was known for a long
time, info was/is in the official docs, e.g.
https://www.postgresql.org/docs/7.3/static/ddl-schemas.html
So if someone was keen to exploit that, he could start doing that long
long time ago :-D
Best regards,
Adis
On Thu, Mar 1, 2018 at 2:38 PM, Konrad J Hambrick <kjhambrick at gmail.com> wrote:
> Adis --
>
> I said: And for consistency, I updated the postgresql.info file as follows:
>
> I meant: And for consistency, I updated MY COPY OF the postgresql.info file
> as follows:
>
> I did not mean to imply that I somehow modified your official
> postgresql.info file :)
>
> -- kjh
>
> On Thu, Mar 1, 2018 at 7:34 AM, Konrad J Hambrick <kjhambrick at gmail.com>
> wrote:
>>
>> Adis --
>>
>> There is an update for postgresql to version 10.3 this morning.
>>
>> The update builds and runs fine on Slackware64 14.2 + Multilib.
>>
>> All I had to change in the postgresql.SlackBuild was:
>>
>> VERSION=${VERSION:-10.3}
>>
>> And for consistency, I updated the postgresql.info file as follows:
>>
>>
>> DOWNLOAD="https://ftp.postgresql.org/pub/source/v10.3/postgresql-10.3.tar.bz2"
>> MD5SUM="506498796a314c549388cafb3d5c717a"
>>
>> The MD5SUM Value came directly from the published
>> ~/source/v10.3/postgresql-10.3.tar.bz2.md5 file
>>
>> Version 10.3 addresses CVE-2018-1058: Uncontrolled search path element in
>> pg_dump and other client
>> applications
>>
>> Please visit
>> https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path
>> for a full explanation of the CVE-2018-1058.
>>
>> Thanks for the postgresql.SlackBuild Adis !
>>
>> -- kjh
>>
>> Note that the same CVE is addressed in postgresql version 9.6.8 which I
>> still run on my Production Box.
>>
>> It also builds, installs and runs fine 'over there'
>>
>
More information about the SlackBuilds-users
mailing list