From fa07ed84b8708240264fe9f091b2087b7f872b8c Mon Sep 17 00:00:00 2001 From: Dave Page Date: Thu, 11 May 2017 14:00:07 +0100 Subject: [PATCH] Update releases --- templates/index.html | 10 ++++---- templates/pages/support/security.html | 36 +++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 5 deletions(-) diff --git a/templates/index.html b/templates/index.html index 57bd882a..951e664e 100644 --- a/templates/index.html +++ b/templates/index.html @@ -8,13 +8,13 @@
-

9th February 2017

+

11th May 2017

- PostgreSQL 9.6.2, 9.5.6, 9.4.11, 9.3.16 and 9.2.20 Released! + PostgreSQL 9.6.3, 9.5.7, 9.4.12, 9.3.17 and 9.2.21 Released!

The PostgreSQL Global Development Group is pleased to announce the availability of - PostgreSQL 9.6.2, 9.5.6, 9.4.11, 9.3.16 and 9.2.20. + PostgreSQL 9.6.3, 9.5.7, 9.4.12, 9.3.17 and 9.2.21.

These new releases contain bug fixes over previous releases. All users should plan @@ -22,8 +22,8 @@

diff --git a/templates/pages/support/security.html b/templates/pages/support/security.html index be30adc7..30bcec1e 100644 --- a/templates/pages/support/security.html +++ b/templates/pages/support/security.html @@ -62,6 +62,42 @@ to determine if the bug affects specific installations or not. Class Description + + + CVE-2017-7484 + 9.2-9.6 + 9.6.3, 9.5.7, 9.4.12, 9.3.17, 9.2.21 + core server + C + selectivity estimators bypass SELECT privilege checks + + + + CVE-2017-7485 + 9.3-9.6 + 9.6.3, 9.5.7, 9.4.12, 9.3.17 + client + A + libpq ignores PGREQUIRESSL environment variable + + + + CVE-2017-7486 + 9.2-9.6 + 9.6.3, 9.5.7, 9.4.12, 9.3.17, 9.2.21 + core server + C + pg_user_mappings view discloses foreign server passwords + + + + CVE-2016-7048 + 9.1-9.5 + 9.5.5, 9.4.10, 9.3.15, 9.2.19, 9.1.24 + packaging + A + Interactive installer downloads software over plain HTTP, then executes it + CVE-2016-5423 -- 2.39.5