PublicDateAtUSN: 2012-08-17
Candidate: CVE-2012-3489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3489
http://www.postgresql.org/about/news/1407/
https://usn.ubuntu.com/usn/usn-1542-1
The xml_parse function in the libxml2 support in the core server component
in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and
9.1 before 9.1.5 allows remote authenticated users to determine the
existence of arbitrary files or URLs, and possibly obtain file or URL
content that triggers a parsing error, via an XML value that refers to (1)
a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
Discovered-by: Noah Misch, Tom Lane

Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.5-1)
hardy_postgresql-9.1: DNE
lucid_postgresql-9.1: DNE
natty_postgresql-9.1: DNE
oneiric_postgresql-9.1: released (9.1.5-0ubuntu11.10)
precise_postgresql-9.1: released (9.1.5-0ubuntu12.04)
quantal_postgresql-9.1: not-affected (9.1.5-1)
raring_postgresql-9.1: not-affected (9.1.5-1)
saucy_postgresql-9.1: not-affected (9.1.5-1)
trusty_postgresql-9.1: not-affected (9.1.5-1)
utopic_postgresql-9.1: DNE
devel_postgresql-9.1: DNE

Patches_postgresql-8.4:
upstream_postgresql-8.4: needs-triage
hardy_postgresql-8.4: DNE
lucid_postgresql-8.4: released (8.4.13-0ubuntu10.04)
natty_postgresql-8.4: released (8.4.13-0ubuntu11.04)
oneiric_postgresql-8.4: ignored (reached end-of-life)
precise_postgresql-8.4: released (8.4.22-0ubuntu0.12.04)
quantal_postgresql-8.4: DNE
raring_postgresql-8.4: DNE
saucy_postgresql-8.4: DNE
trusty_postgresql-8.4: DNE
utopic_postgresql-8.4: DNE
devel_postgresql-8.4: DNE

Patches_postgresql-8.3:
upstream_postgresql-8.3: needs-triage
hardy_postgresql-8.3: released (8.3.20-0ubuntu8.04)
lucid_postgresql-8.3: DNE
natty_postgresql-8.3: DNE
oneiric_postgresql-8.3: DNE
precise_postgresql-8.3: DNE
quantal_postgresql-8.3: DNE
raring_postgresql-8.3: DNE
saucy_postgresql-8.3: DNE
trusty_postgresql-8.3: DNE
utopic_postgresql-8.3: DNE
devel_postgresql-8.3: DNE

Patches_postgresql-8.2:
upstream_postgresql-8.2: needs-triage
hardy_postgresql-8.2: ignored (reached end-of-life)
lucid_postgresql-8.2: DNE
natty_postgresql-8.2: DNE
oneiric_postgresql-8.2: DNE
precise_postgresql-8.2: DNE
quantal_postgresql-8.2: DNE
raring_postgresql-8.2: DNE
saucy_postgresql-8.2: DNE
trusty_postgresql-8.2: DNE
utopic_postgresql-8.2: DNE
devel_postgresql-8.2: DNE