CVE-2007-2138 (Medium) :
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x
before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users,
when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner,
related to "search_path settings."
CVE-2007-4769 (Medium) :
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1
before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to
cause a denial of service (backend crash) via an out-of-bounds backref number.
CVE-2007-4772 (Medium) :
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1
before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to
cause a denial of service (infinite loop) via a crafted regular expression.
CVE-2007-6067 (Medium) :
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as
used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19,
allows remote authenticated users to cause a denial of service (memory consumption) via a
crafted "complex" regular expression with doubly-nested states.
CVE-2007-6600 (Medium) :
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3
before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2)
ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION
AUTHORIZATION within index functions, which allows remote authenticated users to gain
privileges.
CVE-2007-6601 (High) :
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4
before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows
remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of
an incomplete fix for CVE-2007-3278.
CVE-2007-5969 (Medium) :
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit
DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite
system table information and gain privileges via a RENAME TABLE statement that changes the
symlink to point to an existing file.
CVE-2007-6303 (Low) :
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the
DEFINER value of a view when the view is altered, which allows remote authenticated users to
gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW
statement and an ALTER VIEW statement.
CVE-2007-6304 (Medium) :
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4,
when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a
denial of service (federated handler crash and daemon crash) via a response that lacks the
minimum required number of columns.
* removed obsolete patches and related hacks in the conf file
* disabled ruby support which seems to be broken at the moment
git-svn-id: svn://svn.opensde.net/opensde/package/trunk@21048 10447126-35f2-4685-b0cf-6dd780d3921f