<p>
The PostgreSQL Global Development Group announces updates for all active
branches of the PostgreSQL object-relational database system, including
-versions 9.1.4, 9.0.8, 8.4.12 and 8.3.19. These releases fix a number
+versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. These releases fix a number
of bugs, including multiple <a href="/support/security/">security</a>
related bugs.
</p>
<div id="txtFrontFeatureLink">
<br/>
- <img src="/media/img/layout/blt_blu_arrow.png" width="6" height="6" alt="" /><a href="/about/news/1398/" title="Release Announcement">Release Announcement</a><br />
+ <img src="/media/img/layout/blt_blu_arrow.png" width="6" height="6" alt="" /><a href="/about/news/1407/" title="Release Announcement">Release Announcement</a><br />
<img src="/media/img/layout/blt_blu_arrow.png" width="6" height="6" alt="" /><a href="/download" title="Download">Download</a><br />
</div>
</div>
<th class="colLast">Description</th>
</tr>
+ <tr valign="top">
+ <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3489">CVE-2012-3489</a></td>
+ <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
+ <td class="colMid">9.1.5, 9.0.9, 8.4.13, 8.3.20</td>
+ <td class="colMid">core server</td>
+ <td class="colMid">C</td>
+ <td class="colLast">xml_parse() DTD validation can be used to read arbitrary files</td>
+ </tr>
+
+ <tr valign="top">
+ <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3488">CVE-2012-3488</a></td>
+ <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
+ <td class="colMid">9.1.5, 9.0.9, 8.4.13, 8.3.20</td>
+ <td class="colMid">contrib module</td>
+ <td class="colMid">C</td>
+ <td class="colLast">contrib/xml2's xslt_process() can be used to read and write arbitrary files</td>
+ </tr>
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143">CVE-2012-2143</a></td>
<td class="colMid">9.1, 9.0, 8.4, 8.3</td>
projects / pgweb.git / commitdiff