]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d95ebe0) | patch
Cherry-pick security-relevant fixes from upstream imath library.
authorNoah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:45 +0000 (10:00 -0500)
committerNoah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:51 +0000 (10:00 -0500)
commitd1972da8ce5857cec09645c11d8c7ac81b87d887
tree4006de0235238bf3eb9491a745ae7bb5c1323016tree | snapshot
parentd95ebe0ac39b946c207ed0c37bba0365132ba3c6commit | diff
Cherry-pick security-relevant fixes from upstream imath library.

This covers alterations to buffer sizing and zeroing made between imath
1.3 and imath 1.20.  Valgrind Memcheck identified the buffer overruns
and reliance on uninitialized data; their exploit potential is unknown.
Builds specifying --with-openssl are unaffected, because they use the
OpenSSL BIGNUM facility instead of imath.  Back-patch to 9.0 (all
supported versions).

Security: CVE-2015-0243
contrib/pgcrypto/imath.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.