pgsql: Fix Windows shell argument quoting. - Mailing list pgsql-committers

From Noah Misch
Subject pgsql: Fix Windows shell argument quoting.
Date
Msg-id E1bWlGS-0006nT-AQ@gemulon.postgresql.org
List pgsql-committers
Fix Windows shell argument quoting.

The incorrect quoting may have permitted arbitrary command execution.
At a minimum, it gave broader control over the command line to actors
supposed to have control over a single argument.  Back-patch to 9.1 (all
supported versions).

Security: CVE-2016-5424

Branch
------
REL9_5_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/2e5e90d8d10ca568381adfaaf53e8a9e8e342375

Modified Files
--------------
src/bin/pg_dump/pg_dumpall.c | 52 +++++++++++++++++++++++++++++++++++++++-----
1 file changed, 47 insertions(+), 5 deletions(-)

