Publishing details

• Published on 2020-02-08

Changelog

postgresql-common (181+deb9u3) stretch-security; urgency=medium

  * pg_ctlcluster: Drop privileges before creating socket and stats temp
    directories outside /var/run/postgresql. The default configuration is not
    affected by this change. Users with directories on volatile storage
    (tmpfs) in other locations have to make sure the parent directory is
    writable for the cluster owner. (CVE-2019-3466, discovered by Rich Mirch)

 -- Christoph Berg <email address hidden>  Tue, 12 Nov 2019 15:00:36 +0100

Builds

Package files

• postgresql-common_181+deb9u3.dsc (2.3 KiB)
• postgresql-common_181+deb9u3.tar.xz (197.6 KiB)