Multiple Potential Vulnerabilities – PostgreSQL

Multiple potential vulnerabilities have been discovered and fixed in the latest update of PostgreSQL. Upgrade to 9.1.3, 9.0.7, 8.4.11, or 8.3.18 now, don’t wait. The 8.2 branch is EOL and will not have any fixes applied to it.

The vulnerabilities are in the server side of PostgreSQL. If you only have dev-db/postgresql-base installed, you’re safe.

Two of the three vulnerabilities can only be exploited by someone who has already gained access to the database. The third could potentially be used to gain access by presenting a specially crafted SSL certificate.

The only difference between the ebuilds that were up for stabilization and the most recent version is the version number itself, so it is safe to make an exception and use the testing version. Adding the following entries lets you get the latest version with the security fixes without accepting further testing versions and/or revisions:

# echo '=dev-db/postgresql-docs-9.1.3' >> /etc/portage/package.keywords
# echo '=dev-db/postgresql-base-9.1.3' >> /etc/portage/package.keywords
# echo '=dev-db/postgresql-server-9.1.3' >> /etc/portage/package.keywords

See the full details in the official news release (postgresql.org).

If you’re still using the 8.2 branch of PostgreSQL, you will have to move to a newer version. You will remain at risk of these vulnerabilities as long as you stick with 8.2.
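As an added example (not part of the original post), a small POSIX shell function that classifies a PostgreSQL server version against the fixed releases named above, so an administrator can check each host before and after upgrading. It assumes the input is the line printed by `postgres --version` (or a bare X.Y.Z string); the sample inputs at the bottom are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: classify a PostgreSQL server
# version against the fixed releases in this advisory (9.1.3, 9.0.7, 8.4.11,
# 8.3.18; the 8.2 branch is EOL and will never be fixed).
# Input: the line printed by `postgres --version`, e.g.
# "postgres (PostgreSQL) 9.1.2", or a bare X.Y.Z string.
# Prints one of: patched, vulnerable, eol, unknown.

pg_status() {
    ver=""
    # Take the first whitespace-separated token that looks like X.Y.Z.
    for tok in $1; do
        case "$tok" in
            [0-9]*.[0-9]*.[0-9]*) ver=$tok; break ;;
        esac
    done
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    # Split X.Y.Z on dots: $1.$2 is the release branch, $3 the minor release.
    oldifs=$IFS
    IFS=.
    set -- $ver
    IFS=$oldifs
    branch="$1.$2"
    patch=${3:-0}
    case "$branch" in
        9.1) fixed=3 ;;
        9.0) fixed=7 ;;
        8.4) fixed=11 ;;
        8.3) fixed=18 ;;
        8.2) echo eol; return 0 ;;      # no fix will ever ship for 8.2
        *)   echo unknown; return 0 ;;  # branch not covered by this advisory
    esac
    if [ "$patch" -ge "$fixed" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# On a live host: pg_status "$(postgres --version)"
# Constructed sample inputs:
pg_status 'postgres (PostgreSQL) 9.1.2'   # vulnerable
pg_status '8.4.11'                        # patched
pg_status 'postgres (PostgreSQL) 8.2.23'  # eol
```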
