Mandriva Linux Security Advisory 2012-139 - Multiple vulnerabilities has been discovered and corrected in postgresql. libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users to both read and write data with the privileges of the database server. xml_parse() would attempt to fetch external files or URLs as needed to resolve DTD and entity references in an XML value, thus allowing unprivileged database users to attempt to fetch data with the privileges of the database server. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.
b626ecf629cea63c6722a9394e10f6f5f9a0c83303712b7e5640c33051aebdb6