Package: libpq3 Version: 7.4.8-8 Severity: grave Tags: security Justification: user security hole
This version of libpq3 looks for the server socket in /tmp, breaking existing configurations and introducing a security problem. $ strings -a /usr/lib/libpq.so.3 | grep tmp SSL_CTX_set_verify_depth SSL_CTX_set_tmp_dh_callback SSL_CTX_ctrl -- invalid sslmode value: "%s" /tmp %s/.s.PGSQL.%d -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
