FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
065890c3-725e-11e9-b0e1-6cc21735f730PostgreSQL -- Selectivity estimators bypass row security policies

The PostgreSQL project reports:

PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy. This is fixed by only allowing a non-leakproof operator to use this data if there are no relevant row security policies for the table.


Discovery 2019-05-09
Entry 2019-05-09
postgresql11-server
< 11.3

postgresql10-server
< 10.8

postgresql96-server
< 9.6.13

postgresql95-server
< 9.5.17

https://www.postgresql.org/about/news/1939/
CVE-2019-10130