projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6994f07) | patch
Cherry-pick security-relevant fixes from upstream imath library.
authorNoah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:45 +0000 (10:00 -0500)
committerNoah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:50 +0000 (10:00 -0500)
commita558ad3a7e014d42bc7e22df53c4a019e639df14
tree030e2120c6edeaa4b7d93c0d7fa32ef84328946etree
parent6994f07907b90ff03f661ca00e0341a9078fa843commit | diff
Cherry-pick security-relevant fixes from upstream imath library.

This covers alterations to buffer sizing and zeroing made between imath
1.3 and imath 1.20.  Valgrind Memcheck identified the buffer overruns
and reliance on uninitialized data; their exploit potential is unknown.
Builds specifying --with-openssl are unaffected, because they use the
OpenSSL BIGNUM facility instead of imath.  Back-patch to 9.0 (all
supported versions).

Security: CVE-2015-0243
contrib/pgcrypto/imath.c diff | blob | blame | history
This is the main PostgreSQL git repository.