]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 11f738a) | patch
Cherry-pick security-relevant fixes from upstream imath library.
authorNoah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:45 +0000 (10:00 -0500)
committerNoah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:52 +0000 (10:00 -0500)
commit8d412e02ebfb106aedc2edef8e3b26e802311151
tree215c3a90656040134cda8240cae5a9f57b3e6cb1tree | snapshot
parent11f738a8afb9e93ca31cd37331fc640d92b9ec96commit | diff
Cherry-pick security-relevant fixes from upstream imath library.

This covers alterations to buffer sizing and zeroing made between imath
1.3 and imath 1.20.  Valgrind Memcheck identified the buffer overruns
and reliance on uninitialized data; their exploit potential is unknown.
Builds specifying --with-openssl are unaffected, because they use the
OpenSSL BIGNUM facility instead of imath.  Back-patch to 9.0 (all
supported versions).

Security: CVE-2015-0243
contrib/pgcrypto/imath.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.