[ubuntu/hardy-security] postgresql-8.3 8.3.23-0ubuntu8.04.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Apr 4 13:30:49 UTC 2013

postgresql-8.3 (8.3.23-0ubuntu8.04.1) hardy-security; urgency=low

  * Add 15-ssl-init-state.patch: Reset OpenSSL randomness state in each
    postmaster child process. This avoids a scenario wherein random numbers
    generated by "contrib/pgcrypto" functions might be relatively easy for
    another database user to guess.  The risk is only significant when the
    postmaster is configured with ssl = on but most connections don't use SSL
    encryption. Patch backported from 8.4.17. [CVE-2013-1900] (LP: #1163184)

Date: 2013-04-03 12:05:11.743375+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Hardy-changes mailing list