1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
PublicDate: 2007-04-24
Candidate: CVE-2007-2138
References:
http://www.ubuntu.com/usn/usn-454-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138
Description:
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x
before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before
8.2.4 allows remote authenticated users, when permitted to call a SECURITY
DEFINER function, to gain the privileges of the function owner, related to
"search_path settings."
Ubuntu-Description:
Notes:
Bugs:
upstream_postgresql-8.1:
dapper_postgresql-8.1: released (8.1.9-0ubuntu0.6.06)
edgy_postgresql-8.1: released (8.1.9-0ubuntu0.6.10)
feisty_postgresql-8.1: needed (reached end-of-life)
gutsy_postgresql-8.1: released (8.1.10-1)
hardy_postgresql-8.1: DNE
devel_postgresql-8.1: DNE
upstream_postgresql-8.2:
dapper_postgresql-8.2: DNE
edgy_postgresql-8.2: DNE
feisty_postgresql-8.2: released (8.2.4-0ubuntu0.7.04)
gutsy_postgresql-8.2: released (8.2.5-1)
hardy_postgresql-8.2: released (8.2.5-1)
devel_postgresql-8.2: DNE
|