Updated postgresql (8.2.3 -> 8.2.6) : SECURITY - CRITICAL

CVE-2007-2138 (Medium) :
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x
before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users,
when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner,
related to "search_path settings."

CVE-2007-4769 (Medium) :
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1
before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to
cause a denial of service (backend crash) via an out-of-bounds backref number.

CVE-2007-4772 (Medium) :
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1
before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to
cause a denial of service (infinite loop) via a crafted regular expression.

CVE-2007-6067 (Medium) :
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as
used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19,
allows remote authenticated users to cause a denial of service (memory consumption) via a
crafted "complex" regular expression with doubly-nested states.

CVE-2007-6600 (Medium) :
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3
before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2)
ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION
AUTHORIZATION within index functions, which allows remote authenticated users to gain
privileges.

CVE-2007-6601 (High) :
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4
before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows
remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of
an incomplete fix for CVE-2007-3278.
early
Aldas Nabazas 17 years ago
commit 237f08f912
6
database/postgresql/postgresql.desc

@ -3,7 +3,7 @@
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY]
[COPY] Filename: package/.../postgresql/postgresql.desc
[COPY] Copyright (C) 2006 - 2007 The OpenSDE Project
[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY] Copyright (C) 1998 - 2003 Clifford Wolf
[COPY]
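Review bot: the only change in this hunk, the OpenSDE copyright range going from 2006 - 2007 to 2006 - 2008, is unrelated to the security update and is not mentioned in the commit message. Since the header states it is auto-generated by ./scripts/Create-CopyPatch, confirm the line came from the script rather than a hand edit, and mention the header refresh in the message so the security-relevant change is easy to isolate when auditing or backporting.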
@ -35,8 +35,8 @@
[L] OpenSource
[S] Stable
[V] 8.2.3
[V] 8.2.6
[P] X -----5---9 126.000
[D] 4184924376 postgresql-8.2.3.tar.bz2 ftp://ftp.postgresql.org/pub/source/v8.2.3/
[D] 3580003969 postgresql-8.2.6.tar.bz2 ftp://ftp.postgresql.org/pub/source/v8.2.6/
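Review bot: the [D] line records the new tarball with a ten-digit decimal checksum (3580003969) and an ftp:// download location, so for an update labelled SECURITY - CRITICAL nothing in this file authenticates the source that gets built. A value of that size can catch a corrupted download but not a substituted one, and the FTP transfer itself is unauthenticated. Suggest checking postgresql-8.2.6.tar.bz2 against the digest or signature published by the PostgreSQL project before recording the checksum, and stating in the commit message that this was done.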
