Hot on the heels of the 8.1.2 package, 8.1.3 has been released. This fixes a serious security issue, and while it hasn’t yet made it into Blastwave’s “unstable” tree, you can grab it from our testing directory. Expect to see it available from our mirrors through pkg-get shortly.
The PostgreSQL team had this to say in their release announcement:
PostgreSQL minor version 8.1.3 has been released, containing a patch for a serious security issue present in the 8.1 branch. All users of 8.1 are urged to upgrade at the earliest opportunity. Minor versions 8.0.7, 7.4.12, and 7.3.14 are being released at the same time. These contain only minor bug fixes to the 8.0, 7.4 and 7.3 versions and can be upgraded on a more planned schedule, unless of course you are encountering one of the bugs described. The security issue in 8.1.x allows an authenticated database user to escalate his ROLE privileges by exploiting knowledge of the backend protocol. While there are no known exploits in the wild for this, users are urged not to wait until they encounter one. 8.1.3 also contains a number of other bug fixes, most of them for very specific (rare) database configurations and schema issues, but including a number of crash fixes. Notable also is a fix to the TSearch2 GiST index generation code which will significantly speed up creation of TSearch2 indexes.