[COPY] --- SDE-COPYRIGHT-NOTE-BEGIN ---
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY]
[COPY] Filename: package/.../postgresql/postgresql.desc
Updated postgresql (8.2.3 -> 8.2.6) : SECURITY - CRITICAL
CVE-2007-2138 (Medium) :
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x
before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users,
when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner,
related to "search_path settings."
CVE-2007-4769 (Medium) :
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1
before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to
cause a denial of service (backend crash) via an out-of-bounds backref number.
CVE-2007-4772 (Medium) :
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1
before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to
cause a denial of service (infinite loop) via a crafted regular expression.
CVE-2007-6067 (Medium) :
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as
used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19,
allows remote authenticated users to cause a denial of service (memory consumption) via a
crafted "complex" regular expression with doubly-nested states.
CVE-2007-6600 (Medium) :
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3
before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2)
ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION
AUTHORIZATION within index functions, which allows remote authenticated users to gain
privileges.
CVE-2007-6601 (High) :
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4
before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows
remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of
an incomplete fix for CVE-2007-3278.
17 years ago
[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY] Copyright (C) 1998 - 2003 Clifford Wolf
[COPY]
[COPY] More information can be found in the files COPYING and README.
[COPY]
[COPY] This program is free software; you can redistribute it and/or modify
[COPY] it under the terms of the GNU General Public License as published by
[COPY] the Free Software Foundation; version 2 of the License. A copy of the
[COPY] GNU General Public License can be found in the file COPYING.
[COPY] --- SDE-COPYRIGHT-NOTE-END ---
[I] A Database Management System
[T] PostgreSQL is an advanced object-relational database management system
[T] that supports an extended subset of the SQL standard, including
[T] transactions, foreign keys, subqueries, triggers, user-defined types
[T] and functions. This distribution also contains several language
[T] bindings, including C, C++, Perl, Python, and Tcl, as well as drivers
[T] for JDBC and ODBC.
[U] http://www.postgresql.org
[A] PostgreSQL Global Development group
[A] General Users List <pgsql-general@postgresql.org>
[M] Alejandro Mery <amery@opensde.org>
[C] extra/database
[F] JAIL
[L] OpenSource
[S] Stable
[V] 8.2.6
[P] X -----5---9 126.000
[D] 3580003969 postgresql-8.2.6.tar.bz2 ftp://ftp.postgresql.org/pub/source/v8.2.6/