PostgreSQL developers release security updates for all active branches that include versions 9.0.3, 8.4.7, 8.3.14 and 8.2.20; fixing a security issue that prevents a buffer overrun in the contrib. bodule intarray’s input function for the query_int type. The risk allows the function’s return address to be overwritten by malicious code. The release also includes 63 bug fixes that include unexpected conversion overflow, array slice assignment, a pg_restore fix, failures in EXPLAIN, and improved build support for Windows.
The new versions have 33 patches for 9.0, 20 patches for 8.4, 20 patches for 8.3, and 18 patches for 8.2.