]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1dc7551) | patch
Cherry-pick security-relevant fixes from upstream imath library.
authorNoah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:45 +0000 (10:00 -0500)
committerNoah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:45 +0000 (10:00 -0500)
commit8b59672d8d23ea4203cf2701d126a96edca5bdd6
tree3734a166e67794b3db4845f83d934226f2e8b5e8tree | snapshot
parent1dc75515868454c645ded22d38054ec693e23ec6commit | diff
Cherry-pick security-relevant fixes from upstream imath library.

This covers alterations to buffer sizing and zeroing made between imath
1.3 and imath 1.20.  Valgrind Memcheck identified the buffer overruns
and reliance on uninitialized data; their exploit potential is unknown.
Builds specifying --with-openssl are unaffected, because they use the
OpenSSL BIGNUM facility instead of imath.  Back-patch to 9.0 (all
supported versions).

Security: CVE-2015-0243
contrib/pgcrypto/imath.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.