Publishing details
Changelog
postgresql-common (181+deb9u3) stretch-security; urgency=medium
* pg_ctlcluster: Drop privileges before creating socket and stats temp
directories outside /var/run/postgresql. The default configuration is not
affected by this change. Users with directories on volatile storage
(tmpfs) in other locations have to make sure the parent directory is
writable for the cluster owner. (CVE-2019-3466, discovered by Rich Mirch)
-- Christoph Berg <email address hidden> Tue, 12 Nov 2019 15:00:36 +0100
Builds
Package files